Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Tue, 2010-11-16 at 23:22 +0100, Moritz Muehlenhoff wrote:
> In gmane.linux.debian.devel.release, you wrote:
> > On Sat, 2010-10-30 at 12:23 +0200, sils wrote:
> >> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3
> >> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for
> >> CVE-2010-3763 [1].
> >> 
> >> Fixed in version mantis/1.1.8+dfsg-9 (unstable) [2]
> >
> > That's the second one in less than a week. :-(
> >
> > Has anyone conducted a proper review of the code to see how many more of
> > these issues might be lurking?  Whilst I'm happy to fix such issues in
> > stable, it would be nice not to have to keep approving changes that look
> > remarkably similar to the previous few updates.
> 
> Can we move on with this specific update for now?

Sorry, this slipped off my to-do while it was waiting for an answer.

Please go ahead.

Regards,

Adam