Hi, On 06/16/2012 01:09 PM, Thijs Kinkhorst wrote: > On Sat, June 16, 2012 00:40, sils@powered-by-linux.com wrote: >> Hi Team, >> >> I had prepared a new security-stable version for mantis package to fix >> some new CVE's, and I found out that CVE-2011-3578 [1], patched on mantis >> 1.1.8+dfsg-10squeeze1, from 2011, was not yet updated in the security >> tracker. >> >> The CVE-2011-3578 was not yet assigned when the security package, >> including the patch [2], >> 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff [3], was uploaded >> and fixed. >> >> Please, could you update the tracker and fix it? > > Yes, I updated it. > > Will you add the CVE to squeeze1's changelog, for posterity? > Done [0] Thanks. [0] http://anonscm.debian.org/gitweb/?p=collab-maint/mantis.git;a=commitdiff;h=c8c3280f5a29a11770f1eff77a5eb34d3b40b9e7 -- Dario Minnucci <midget@debian.org> Phone: +34 902884117 | Fax: +34 902024417 | Support: +34 807450000 Key fingerprint = BAA1 7AAF B21D 6567 D457 D67D A82F BB83 F3D5 7033
Attachment:
signature.asc
Description: OpenPGP digital signature