
Re: Fixed - mantis: CVE-2010-3303 xss vulnerability (Permission to upload)




On 10/24/2010 07:36 PM, Adam D. Barratt wrote:
> On Sun, 2010-10-24 at 18:53 +0200, sils wrote:
>> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny2
>> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny3 with the fix for
>> CVE-2010-3303.
>>
>> I did not upload any package until I receive a confirmation or
>> guidelines from the release team about how to proceed.
>
> Have you confirmed with the security team that they do not wish to
> resolve this via a DSA?  I realise that the previous XSS issues were
> fixed via p-u, but
> http://security-tracker.debian.org/tracker/CVE-2010-3303 is not
> currently marked "no DSA".

OK, I'm going to check out with DSA and let you know.

Thanks

Sils

