[ubuntu/natty-security] mantis_1.1.8+dfsg-10squeeze1build0.11.04.1_i386_translations.tar.gz, mantis 1.1.8+dfsg-10squeeze1build0.11.04.1 (Accepted)

Marc Deslauriers Thu, 15 Sep 2011 07:03:47 -0700

mantis (1.1.8+dfsg-10squeeze1build0.11.04.1) natty-security; urgency=low

  * fake sync from Debian


mantis (1.1.8+dfsg-10squeeze1) stable-security; urgency=high

  * Urgency high: Fixes critical LFI/XSS vulnerabilites (BTS #640297)
    1) XSS injection via PHP_SELF : not affected
    2) LFI and XSS via bug_actiongroup pages: fixed
    3) Projax XSS issues with unescaped parameters: not affected
  * debian/patches:
   + added: Multiple vulnerabilities (LFI/XSS injection)
     Thanks to David Hicks, MantisBT developer.
     11-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
     12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff

Date: Thu, 15 Sep 2011 08:13:36 -0400
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Silvia Alvarez <[email protected]>
https://launchpad.net/ubuntu/natty/+source/mantis/1.1.8+dfsg-10squeeze1build0.11.04.1

Format: 1.8
Date: Thu, 15 Sep 2011 08:13:36 -0400
Source: mantis
Binary: mantis
Architecture: source
Version: 1.1.8+dfsg-10squeeze1build0.11.04.1
Distribution: natty-security
Urgency: high
Maintainer: Silvia Alvarez <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description: 
 mantis     - web-based bug tracking system
Changes: 
 mantis (1.1.8+dfsg-10squeeze1build0.11.04.1) natty-security; urgency=low
 .
   * fake sync from Debian
 .
 mantis (1.1.8+dfsg-10squeeze1) stable-security; urgency=high
 .
   * Urgency high: Fixes critical LFI/XSS vulnerabilites (BTS #640297)
     1) XSS injection via PHP_SELF : not affected
     2) LFI and XSS via bug_actiongroup pages: fixed
     3) Projax XSS issues with unescaped parameters: not affected
   * debian/patches:
    + added: Multiple vulnerabilities (LFI/XSS injection)
      Thanks to David Hicks, MantisBT developer.
      11-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
      12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff
Checksums-Sha1: 
 855ea73285f5ef2d66e69f06ad7ae1244ac70a08 1842 
mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.dsc
 fa9c79bb6aecdb414e8ac516df6558e1248ae2b9 56098 
mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.debian.tar.gz
Checksums-Sha256: 
 70b9431a2dbf0446dd859611b50c9c47f5779f712ecd0c3d3292730a2f58c3c4 1842 
mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.dsc
 6c0087bd80c81d0431b9fedc3e6fdd7307ce27a920f3d31390b33510b2893ab7 56098 
mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.debian.tar.gz
Files: 
 6b4a9d147ea9bf096afc761bb1d831b2 1842 web optional 
mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.dsc
 9528fdef78debb58af24fccc4236c8a8 56098 web optional 
mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.debian.tar.gz

-- 
Natty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/natty-changes

[ubuntu/natty-security] mantis_1.1.8+dfsg-10squeeze1build0.11.04.1_i386_translations.tar.gz, mantis 1.1.8+dfsg-10squeeze1build0.11.04.1 (Accepted)

Reply via email to