[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)

In gmane.linux.debian.devel.release, you wrote:
> On Sat, 2010-10-30 at 12:23 +0200, sils wrote:
>> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3
>> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for
>> CVE-2010-3763 [1].
>> Fixed in version mantis/1.1.8+dfsg-9 (unstable) [2]
> That's the second one in less than a week. :-(
> Has anyone conducted a proper review of the code to see how many more of
> these issues might be lurking?  Whilst I'm happy to fix such issues in
> stable, it would be nice not to have to keep approving changes that look
> remarkably similar to the previous few updates.

Can we move on with this specific update for now?


Reply to: