Comment 11 for bug 291531

This bug was fixed in the package mantis - 1.1.2+dfsg-8ubuntu0.1

---------------
mantis (1.1.2+dfsg-8ubuntu0.1) intrepid-security; urgency=low

  * Backport security fixes from Debian. (LP: #291531)
   - CVE-2008-4689: Mantis does not unset the session cookie
     during the logout.
   - CVE-2008-4688: Mantis does not check the privileges of the
     viewer before composing a link with issue data in the source
     anchor.
  * Backport patch from Debian which fixes user registration (was
    broken by the patches for CVE-2008-4689)

 -- Andrew Starr-Bochicchio <email address hidden> Thu, 11 Dec 2008 16:02:23 -0500