Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
On Sat, 2010-10-30 at 12:23 +0200, sils wrote:
> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3
> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for
> CVE-2010-3763.
> Fixed in version mantis/1.1.8+dfsg-9 (unstable)
That's the second one in less than a week. :-(
Has anyone conducted a proper review of the code to see how many more of
these issues might be lurking? Whilst I'm happy to fix such issues in
stable, it would be nice not to have to keep approving changes that look
remarkably similar to the previous few updates.