[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fixed - mantis: CVE-2010-3303 xss vulnerability (Permission to upload)

On Sun, 2010-10-24 at 18:53 +0200, sils wrote:
> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny2 
> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny3 with the fix for 
> CVE-2010-3303.
> I did not uploaded any package until receive a confirmation or 
> guidelines from the release team about how to proceed.

Have you confirmed with the security team that they do not wish to
resolve this via a DSA?  I realise that the previous XSS issues were
fixed via p-u, but
http://security-tracker.debian.org/tracker/CVE-2010-3303 is not
currently marked "no DSA".



Reply to: