
Re: Fixed - mantis: CVE-2010-3763 xss vulnerability (Permission to upload)



Hi Adam,

On 11/16/2010 11:47 PM, Adam D. Barratt wrote:
>>> Has anyone conducted a proper review of the code to see how many more of
>>> these issues might be lurking?  Whilst I'm happy to fix such issues in
>>> stable, it would be nice not to have to keep approving changes that look
>>> remarkably similar to the previous few updates.
>> Can we move on with this specific update for now?
> 
> Sorry, this slipped off my to-do while it was waiting for an answer.

Sorry, my fault, I could not reply before.

I am focused on the new upstream version (1.2.3) now.

The latest CVE issues (on mantis 1.1.6 and 1.1.8) were only exploitable
when logged in with administrative privileges, and seem to be solved in
the mantis 1.2.3 upstream version.

I will go on fixing future issues in our old mantis version, and I am
looking forward to uploading the 1.2.3 version as soon as possible.

> Please go ahead.

About 1.1.6+dfsg-2lenny4, it was uploaded to spu.

> Regards,

Thanks for your time, and sorry (again)

Regards,

Sils
