found 595510 1.1.8+dfsg-5
found 595510 1.1.6+dfsg-2lenny1
forwarded 595510 http://www.mantisbt.org/bugs/view.php?id=12230
tag 595510 +patch
thanks

Hi all,

Sorry, it was a misunderstanding.

As referenced in [0], reported by Secunia, SA40832 [1] (which refers to CVE-2010-2574 [2]), there is an XSS vulnerability when deleting (not when adding) categories that have been maliciously named.

The bug seems to be fixed in upstream's git repository [3]; I am working to solve it ASAP.

The bug report is applicable to all distributed versions of mantis in Debian, sorry for the confusion.

Thanks all for your time.

PS: thanks Oliver for your 2 cents.

[0] http://www.mantisbt.org/bugs/view.php?id=12230
[1] http://secunia.com/advisories/40832/
[2] http://secunia.com/advisories/cve_reference/CVE-2010-2574/
[3] http://git.mantisbt.org/?p=mantisbt.git;a=commitdiff;h=083c34f06ca927b16e781bae3ae324f450c35ea4