From owner-freebsd-ruby@FreeBSD.ORG  Sun Feb 10 19:59:02 2013
Return-Path: <owner-freebsd-ruby@FreeBSD.ORG>
Delivered-To: ruby@FreeBSD.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 50F135D4
 for <ruby@FreeBSD.org>; Sun, 10 Feb 2013 19:59:02 +0000 (UTC)
 (envelope-from swills@FreeBSD.org)
Received: from mouf.net (mouf.net [IPv6:2607:fc50:0:4400:216:3eff:fe69:33b3])
 by mx1.freebsd.org (Postfix) with ESMTP id 05B9FF76
 for <ruby@FreeBSD.org>; Sun, 10 Feb 2013 19:59:01 +0000 (UTC)
Received: from meatwad.mouf.net (cpe-098-122-135-254.nc.res.rr.com
 [98.122.135.254]) (authenticated bits=0)
 by mouf.net (8.14.5/8.14.5) with ESMTP id r1AJwqnD035188
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT);
 Sun, 10 Feb 2013 19:58:58 GMT (envelope-from swills@FreeBSD.org)
Message-ID: <5117FBFC.7060702@FreeBSD.org>
Date: Sun, 10 Feb 2013 19:58:52 +0000
From: Steve Wills <swills@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:17.0) Gecko/20130129 Thunderbird/17.0.2
MIME-Version: 1.0
To: Sascha Gresk <sascha.gresk@opensource-consult.com>
Subject: Re: redmine 1.3.1 in ports/www/redmine
References: <1B6F5330-93B0-4A1B-AAB5-B1B210C7D1B5@opensource-consult.com>
In-Reply-To: <1B6F5330-93B0-4A1B-AAB5-B1B210C7D1B5@opensource-consult.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7
 (mouf.net [199.48.129.64]); Sun, 10 Feb 2013 19:58:58 +0000 (UTC)
X-Spam-Status: No, score=1.3 required=4.5 tests=RCVD_IN_RP_RNBL autolearn=no
 version=3.3.2
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mouf.net
X-Virus-Scanned: clamav-milter 0.97.6 at mouf.net
X-Virus-Status: Clean
Cc: ruby@FreeBSD.org
X-BeenThere: freebsd-ruby@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: FreeBSD-specific Ruby discussions <freebsd-ruby.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ruby>,
 <mailto:freebsd-ruby-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ruby>
List-Post: <mailto:freebsd-ruby@freebsd.org>
List-Help: <mailto:freebsd-ruby-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ruby>,
 <mailto:freebsd-ruby-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2013 19:59:02 -0000

On 02/01/13 15:59, Sascha Gresk wrote:
> http://www.redmine.org/projects/redmine/wiki/Security_Advisories
> 
> "Mass-assignemnt vulnerability that would allow an attacker to
> bypass part of the security checks"
> 

Thanks for the heads up. Would you be interested in helping out by
sending a patch or testing a patch if I come up with one?

Steve