[Roundup-users] Roundup CVE fixes - security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello All:

There are three security issues found in Roundup a couple of weeks ago
by Alec Romano.

 * one requires changes to html files in the tracker. (There is a zip
   file you can download with fixed html template files.)

 * the other two are fixed by changing the Roundup source code. (1)

The announcement is at the top of:

  https://www.roundup-tracker.org/docs/security.html

for CVE-2024-39124, CVE-2024-39125, and CVE-2024-39126. It has links
to the CVEs, details on the issues, and remediation directions for each
CVE.

The 2.4.0 Roundup release fixes the issues at (1). It will happen this
weekend, but I wanted to get the CVE announcement out during the
normal work week so it's not announced during the weekend.

The zip file with updated tracker templates has a sha256sum of:

c09e94f3c6756db66d33cc14108f8156ff0167b9ae8edafc0d59e96a761b33e8  CVE-2024-39124-templates.zip

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.

[Roundup-users] Roundup CVE fixes - security

Simple-to-use/-install issue-tracking system: web, REST, email, CLI

[Roundup-users] Roundup CVE fixes - security