Accepted mantis 0.19.2-5sarge5 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 09 Jan 2008 10:24:53 +0100
Source: mantis
Binary: mantis
Architecture: source all
Version: 0.19.2-5sarge5
Distribution: oldstable-security
Urgency: high
Maintainer: Igor Genibel <igenibel@debian.org>
Changed-By: Patrick Schoenfeld <schoenfeld@in-medias-res.com>
Description:
mantis - web-based bug tracking system
Closes: 402802 458377
Changes:
mantis (0.19.2-5sarge5) oldstable-security; urgency=high
.
* Maintainer upload for the security team
* Fixed security issue CVE-2007-6611: "Upload File" Script
insertion vulnerability by applying the patch from sid.
(Closes: #458377)
* Fixed security issue CVE-2006-6574: Custom Field Information Disclosure by
backporting changes in history_api.php from sid
(Closes: #402802)
* Fixed security issue: Email notifications bypass security on custom fields
* Fixed multiple XSS vulnerabilites by backporting changes from upstream
version 1.0.7
Files:
176c95ad5f1142fcb9364540fd19eeea 874 web optional mantis_0.19.2-5sarge5.dsc
b1c5f077e0046c5b33d77e99a2b4ffe5 46292 web optional mantis_0.19.2-5sarge5.diff.gz
5708305cbd20cde4825b3adb7d72d3a1 898014 web optional mantis_0.19.2-5sarge5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBR4sVoWz0hbPcukPfAQJqMQf/QuiGvAL5OS//Vg5H8YmnYUHujP+I9qe7
eYaTODpsm6N8XhrUYYeiPO92bDYF8IfPJF+Novb2n/2qVoo/q5mV/UcYxeA3m2sw
p0/JdTZIFexifKN5Z/dsK36JH3UOQxSbTzJB5NrNMtypKS9wAkemk0M8EJynKWb+
Te6qdnQNDDAGkNBUBog99xaRz3cqhUCx+Um3pbEO60igzwwoEMb2d4yi1XEqJiKF
qR0HQtu8DnYrMyZ832QOY+56Ju4qY6xfn+RxCqqyu6LmeEI1cUY72VI2t7IuWNKA
Dr2WdF10Eutg958hb1tXCkpgXz1xfxNMDw/YQ8AHQliSJ0UkHun/FA==
=kp5F
-----END PGP SIGNATURE-----
Accepted:
mantis_0.19.2-5sarge5.diff.gz
to pool/main/m/mantis/mantis_0.19.2-5sarge5.diff.gz
mantis_0.19.2-5sarge5.dsc
to pool/main/m/mantis/mantis_0.19.2-5sarge5.dsc
mantis_0.19.2-5sarge5_all.deb
to pool/main/m/mantis/mantis_0.19.2-5sarge5_all.deb