Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
http://www.redmine.org/news/49
http://www.openwall.com/lists/oss-security/2012/01/06/7