On Sat, June 16, 2012 00:40, s...@powered-by-linux.com wrote: > Hi Team, > > I had prepared a new security-stable version for mantis package to fix > some new CVE's, and I found out that CVE-2011-3578 [1], patched on mantis > 1.1.8+dfsg-10squeeze1, from 2011, was not yet updated in the security > tracker. > > The CVE-2011-3578 was not yet assigned when the security package, > including the patch [2], > 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff [3], was uploaded > and fixed. > > Please, could you update the tracker and fix it?
Yes, I updated it. Will you add the CVE to squeeze1's changelog, for posterity? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cb87fba3202378c82f3a84b5e85e6544.squir...@wm.kinkhorst.nl