Accepted mantis 0.19.2-4 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 16 Aug 2005 23:37:04 +0200
Source: mantis
Binary: mantis
Architecture: source all
Version: 0.19.2-4
Distribution: stable-security
Urgency: high
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Hilko Bengen <bengen@debian.org>
Description:
mantis - web-based bug tracking system
Changes:
mantis (0.19.2-4) stable-security; urgency=HIGH
.
* Maintainer upload for the security team
* Fixes CAN-2005-2556
- Mantis bug#0005956: Fixes "Database system scanner via variable
poisoning" vulnerability
* Fixes CAN-2005-2557
- Mantis bug#0005959: Fixes cross-site-scripting vulnerability in
view_all_set.php
- Mantis bug#0006002: Fixes cross-site-scripting vulnerability in
view_all_bug_page.php
* Thanks to Joxean Koret <joxeankoret@yahoo.es> for pointing these
issues out. Thanks to Glenn Henshaw <thraxisp4@mac.com> for providing
detailed information by sending the BTS entries per mail
.
Unfortunately, to my knowledge, upstream developers have neither made
those entries publicly available nor issued warnings after fixing the
bugs.
Files:
645a849f54cada06624b040ca106310f 568 web optional mantis_0.19.2-4.dsc
042c42c6de3bc536181391c1e9b25db3 1298615 web optional mantis_0.19.2.orig.tar.gz
311c66f058bfd06ef02d97dc0dad4880 34601 web optional mantis_0.19.2-4.diff.gz
afa2f33377b412779d5710e94b5f68e3 895224 web optional mantis_0.19.2-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDAmG3UCgnLz/SlGgRAoGDAKCTWZVA9JLGaNslowefPO2v+2aI0QCggdOo
5tgG97ZELgs66Kfk+F/A9sE=
=isaE
-----END PGP SIGNATURE-----
Accepted:
mantis_0.19.2-4.diff.gz
to pool/main/m/mantis/mantis_0.19.2-4.diff.gz
mantis_0.19.2-4.dsc
to pool/main/m/mantis/mantis_0.19.2-4.dsc
mantis_0.19.2-4_all.deb
to pool/main/m/mantis/mantis_0.19.2-4_all.deb
Reply to: