Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)

To: sils@powered-by-linux.com
Cc: debian-release@lists.debian.org
Subject: Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 16 Nov 2010 23:22:19 +0100
Message-id: <[🔎] 20101116222219.GA3499@galadriel.inutil.org>
In-reply-to: <1288477199.30602.11893.camel@hathi.jungle.funky-badger.org>
References: <4CCBF22F.6090104@powered-by-linux.com> <1288477199.30602.11893.camel@hathi.jungle.funky-badger.org>

In gmane.linux.debian.devel.release, you wrote:
> On Sat, 2010-10-30 at 12:23 +0200, sils wrote:
>> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3
>> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for
>> CVE-2010-3763 [1].
>> 
>> Fixed in version mantis/1.1.8+dfsg-9 (unstable) [2]
>
> That's the second one in less than a week. :-(
>
> Has anyone conducted a proper review of the code to see how many more of
> these issues might be lurking?  Whilst I'm happy to fix such issues in
> stable, it would be nice not to have to keep approving changes that look
> remarkably similar to the previous few updates.

Can we move on with this specific update for now?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: lastfm 1.5.1.31879.dfsg-1+lenny1 stable update
Next by Date: Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
Previous by thread: Re: Fixing #548909 (xen-tools: xen-create-image creates world readable disk image files) in stable
Next by thread: Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
Index(es):
- Date
- Thread