Please sync mantis 1.1.8+dfsg-6 (universe) from Debian unstable (main).
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mantis (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/mantis
status new
importance wishlist
subscribe ubuntu-sponsors
Please sync mantis 1.1.8+dfsg-6 (universe) from Debian unstable (main).
Please sync the current version from debian as it fixes CVE
vulnerability
Changelog since current maverick version 1.1.8+dfsg-5:
mantis (1.1.8+dfsg-6) unstable; urgency=high
* debian/patches:
+ Added 08-CVE-
vulnerability when deleting categories that have been
maliciously named.(Closes: #595510)
-- Silvia Alvarez <email address hidden> Sun, 05 Sep 2010 01:58:01 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFMhPRoUlf
YN0AwS/
=mp5g
-----END PGP SIGNATURE-----
CVE References
Changed in mantis (Ubuntu): | |
assignee: | nobody → Stefano Rivera (stefanor) |
status: | New → In Progress |
assignee: | Stefano Rivera (stefanor) → nobody |
status: | In Progress → Fix Committed |
This bug was fixed in the package mantis - 1.1.8+dfsg-6
---------------
mantis (1.1.8+dfsg-6) unstable; urgency=high
* debian/patches: 2010-2574. diff: Fix for CVE-2010-2574 XSS
+ Added 08-CVE-
vulnerability when deleting categories that have been
maliciously named.(Closes: #595510)
-- Bhavani Shankar <email address hidden> Sun, 05 Sep 2010 01:58:01 +0200