mantis 1.1.8+dfsg-10squeeze2build0.11.04.1 source package in Ubuntu


mantis (1.1.8+dfsg-10squeeze2build0.11.04.1) natty-security; urgency=low

  * fake sync from Debian

mantis (1.1.8+dfsg-10squeeze2) stable-security; urgency=high

  * Urgency high: Fixes some CVEs
    - CVE-2011-3578: Added this note as history update.
      This issue was really fixed in '1.1.8+dfsg-10squeeze1' upload
      (via 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff patch)
      but there was no CVE ID assigned at that moment, so there are no
      references to it in the changelog. The issue on the Security Tracker
      was manually updated thanks to Thijs Kinkhorst <email address hidden>.
    - CVE-2012-1118: Array value for $g_private_bug_threshold
      configuration option allows bypass of access. (Closes: #669924)
    - CVE-2012-1119: copy/clone bug report action failed to leave an
      audit trail. (Closes: #669928)
    - CVE-2012-1120: Delete_bug_threshold/bugnote_allow_user_edit_delete
      access check bypass. (Closes: #669925)
    - CVE-2012-1121: mantis 1.1.8 is not affected by this issue.
      (Closes: #669926)
    - CVE-2012-1122: Incorrect access checks performed when moving
      bugs between projects. (Closes: #669927)
    - CVE-2012-1123: SOAP API null password authentication bypass
      (Closes: #669930)
    - CVE-2012-2691: Reporters can update notes of other users by using
      SOAP API. This bug does not affect mantis package in squeeze.
      Affected function 'mc_issue_note_update' is not implemented in
      mantis 1.1.8 version.
    - CVE-2012-2692: delete_attachments_threshold not checked on
      attachment deletion. Thanks to David Hicks <email address hidden>

 -- Jamie Strandboge <email address hidden>   Fri, 29 Jun 2012 07:28:16 -0500

Upload details

Uploaded by: Jamie Strandboge on 2012-06-29
Uploaded to:
Original maintainer: Silvia Alvarez
Urgency: Very Urgent

Natty: [FULLYBUILT] i386


File Size SHA-256 Checksum
mantis_1.1.8+dfsg.orig.tar.gz 1.9 MiB 350885db48f6298f6d956871777219b011331e9a413bd3e8a4e748fa1be3f573
mantis_1.1.8+dfsg-10squeeze2build0.11.04.1.debian.tar.gz 59.8 KiB 854bec9c7f031618eb8490b32002003f963409191153c9e4e6fb87df926dd049
mantis_1.1.8+dfsg-10squeeze2build0.11.04.1.dsc 1.8 KiB 7eca04825adc92f08e2409e5099225360dbca68a792eef404feac117661e0452

Binary packages built by this source

mantis: No summary available for mantis in ubuntu natty.

No description available for mantis in ubuntu natty.