* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)
Fix for intrepid attached, motu-sru subscribed
mantis (1.1.2+ dfsg-8ubuntu0. 1) intrepid-proposed; urgency=low
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)