Comment 4 for bug 291531
Revision history for this message
| Andrew Starr-Bochicchio (andrewsomething) wrote Re: multiple security vulnerabilites | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Fix for intrepid attached, motu-sru subscribed
mantis (1.1.2+
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)