Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)
On Tue, 2010-11-16 at 23:22 +0100, Moritz Muehlenhoff wrote:
> In gmane.linux.debian.devel.release, you wrote:
> > On Sat, 2010-10-30 at 12:23 +0200, sils wrote:
> >> Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3
> >> (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for
> >> CVE-2010-3763 .
> >> Fixed in version mantis/1.1.8+dfsg-9 (unstable) 
> > That's the second one in less than a week. :-(
> > Has anyone conducted a proper review of the code to see how many more of
> > these issues might be lurking? Whilst I'm happy to fix such issues in
> > stable, it would be nice not to have to keep approving changes that look
> > remarkably similar to the previous few updates.
> Can we move on with this specific update for now?
Sorry, this slipped off my to-do while it was waiting for an answer.
Please go ahead.