Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
http://www.redmine.org/news/49
http://www.openwall.com/lists/oss-security/2012/01/06/7