Re: Fixed - mantis: CVE-2010-2574 xss vulnerability (Permission to upload)

To: sils@powered-by-linux.com
Cc: debian-release@lists.debian.org
Subject: Re: Fixed - mantis: CVE-2010-2574 xss vulnerability (Permission to upload)
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 05 Sep 2010 16:13:41 +0100
Message-id: <[🔎] 1283699621.32691.146.camel@kaa.jungle.aubergine.my-net-space.net>
In-reply-to: <[🔎] 4C839CC3.10504@powered-by-linux.com>
References: <[🔎] 4C839CC3.10504@powered-by-linux.com>

On Sun, 2010-09-05 at 15:36 +0200, sils wrote:
> Attached you will find the fixes for mantis: CVE-2010-2574 [0] xss
> vulnerability, reported in BTS #595510 [1] yesterday, affecting lenny,
> testing and sid packages (all of them).
> 
> I contacted with the security-team about the CVE and I was told to
> contact directly with the release team, because the CVE is not critical
> and they said it would be nice if the update is made via regular point
> contact with your team at first.

Please go ahead with the uploads to stable and unstable, and let us know
once the packages have been accepted.

> Please note that BTS #595510 [1] regarding this issue, is closed in
> 1.1.8+dfsg-6.

Then please mention that in the changelog(s).

Regards,

Adam

Reply to:

Follow-Ups:
- mantis: CVE-2010-2574 xss vulnerability - Accepted uploaded packages
  - From: sils <sils@powered-by-linux.com>

References:
- Fixed - mantis: CVE-2010-2574 xss vulnerability (Permission to upload)
  - From: sils <sils@powered-by-linux.com>

Prev by Date: Bug#595652: db packages failing to install...
Next by Date: Bug#595636: marked as done (unblock: eina/0.9.9.49898-2)
Previous by thread: Fixed - mantis: CVE-2010-2574 xss vulnerability (Permission to upload)
Next by thread: mantis: CVE-2010-2574 xss vulnerability - Accepted uploaded packages
Index(es):
- Date
- Thread