Package: redmine
Severity: serious
Tags: security

Quoting from:

http://www.openwall.com/lists/oss-security/2014/04/06/1

> Redmine versions 2.4.5 and 2.5.1 fixed an open redirector issue.  The
> code verifying the redirection URIs accepted scheme-relative URIs
> which can lead to different hosts:
> 
> http://www.redmine.org/projects/redmine/wiki/Security_Advisories
> http://www.redmine.org/projects/redmine/wiki/Changelog
> https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3.patch

This issue is present in all redmine versions.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
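
The class of bug described in the quoted advisory, as an added Ruby example that is not part of the original message and is not Redmine's code or its patch: a check that treats any target starting with "/" as local also accepts a scheme-relative URI, while a check that parses the target and compares hosts does not. The method names, `APP_HOST` and all sample URIs are constructed for illustration.

```ruby
require "uri"

# Constructed sample value: the host the application is served from.
APP_HOST = "tracker.example.org"

# Weak check (hypothetical): anything beginning with "/" is assumed to be
# a path on this site. "//other.host/..." also begins with "/".
def naive_local?(target)
  target.start_with?("/")
end

# Stricter check (hypothetical helper): accept only a same-site absolute
# path, or an http(s) URI whose host is exactly the application's host.
def safe_redirect_target?(target, app_host = APP_HOST)
  return false if target.nil? || target.empty?
  # Browsers treat "\" like "/" in http(s) URLs and strip tabs/newlines,
  # so reject backslashes, whitespace and control characters outright.
  return false if target.match?(/[\\\x00-\x20]/)

  uri = URI.parse(target)
  if uri.host.nil?
    # No authority component: must be schemeless and a single-slash path.
    return false unless uri.scheme.nil?
    return target.start_with?("/") && !target.start_with?("//")
  end
  # An authority is present. A scheme-relative URI ("//host/path") has a
  # host but no scheme, so it fails the scheme test here.
  %w[http https].include?(uri.scheme) && uri.host.casecmp?(app_host)
rescue URI::InvalidURIError
  false
end

# Run both checks over a list of candidate redirect targets.
def compare_checks(targets)
  targets.map { |t| [t, naive_local?(t), safe_redirect_target?(t)] }
end

if __FILE__ == $PROGRAM_NAME
  samples = [                               # constructed inputs
    "/issues/42?tab=history",               # same-site path
    "//evil.example/login",                 # scheme-relative, other host
    "https://tracker.example.org/projects", # absolute, same host
    "https://evil.example/",                # absolute, other host
  ]
  compare_checks(samples).each do |target, naive, strict|
    puts format("%-40s naive=%-5s strict=%s", target, naive, strict)
  end
end
```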
