Ubuntu Security Notice 4200-1 - It was discovered that Redmine incorrectly handle certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause a XSS attack. It was discovered that an SQL injection could allow users to access protected information via a crafted object query.
623c8e3a17e14a602b525ab5f5540e738d4bb3f031a88de1d5acd06feb27ea0e
Debian Linux Security Advisory 4574-1 - Hoger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting.
f1645c9f2dabbdc81219cfc176d38ae5e5f0545878192b80541326f30e08efaf