A Cross-Site Scripting (XSS) vulnerability was reported , in the RedCloth rubygem. This has not been fixed upstream, but Redmine uses a copy of RedCloth and has a patch .
Created rubygem-RedCloth tracking bugs for this issue:
Affects: fedora-all [bug 1179872]
Affects: epel-5 [bug 1179873]
Affects: epel-6 [bug 1179874]