Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)

To: sils@powered-by-linux.com
Cc: debian-release@lists.debian.org
Subject: Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 30 Oct 2010 23:19:59 +0100
Message-id: <[🔎] 1288477199.30602.11893.camel@hathi.jungle.funky-badger.org>
In-reply-to: <[🔎] 4CCBF22F.6090104@powered-by-linux.com>
References: <[🔎] 4CCBF22F.6090104@powered-by-linux.com>

On Sat, 2010-10-30 at 12:23 +0200, sils wrote:
> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3
> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for
> CVE-2010-3763 [1].
> 
> Fixed in version mantis/1.1.8+dfsg-9 (unstable) [2]

That's the second one in less than a week. :-(

Has anyone conducted a proper review of the code to see how many more of
these issues might be lurking?  Whilst I'm happy to fix such issues in
stable, it would be nice not to have to keep approving changes that look
remarkably similar to the previous few updates.

Regards,

Adam

Reply to:

References:
- Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
  - From: sils <sils@powered-by-linux.com>

Prev by Date: Bug#601900: Request for freeze exception for clamav 0.96.4+dfsg-1
Next by Date: Bug#601904: unblock: libjfreechart-java/1.0.13-3
Previous by thread: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
Next by thread: Bug#601853: unblock: debian-edu-install/1.518 (freeze exception)
Index(es):
- Date
- Thread