1
Candidate: CVE-2015-8346
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346
5
https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
6
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
7
http://www.openwall.com/lists/oss-security/2015/11/25/1
9
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before
10
3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive
11
information about subjects of issues by viewing the time logging form.
14
tyhicks> Fixed in 2.6.8, 3.0.6 and 3.1.2
16
https://www.redmine.org/issues/21150 (private)
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376
23
upstream_redmine: released (3.1.2)
24
precise_redmine: ignored (reached end-of-life)
25
precise/esm_redmine: DNE (precise was needed)
26
trusty_redmine: needed
27
vivid_redmine: ignored (reached end-of-life)
28
vivid/stable-phone-overlay_redmine: DNE
29
vivid/ubuntu-core_redmine: DNE
30
wily_redmine: ignored (reached end-of-life)
31
xenial_redmine: not-affected (3.2.0-1)
32
yakkety_redmine: ignored (reached end-of-life)
33
zesty_redmine: ignored (reached end-of-life)
34
artful_redmine: not-affected (3.2.0-1)
35
bionic_redmine: not-affected (3.2.0-1)
36
devel_redmine: not-affected (3.2.0-1)