Re: Please help with discrepancies in CVE-2011-3578
Hi, On 06/16/2012 01:09 PM, Thijs Kinkhorst wrote: > On Sat, June 16, 2012 00:40, s...@powered-by-linux.com wrote: >> Hi Team, >> >> I had prepared a new security-stable version for mantis package to fix >> some new CVE's, and I found out that CVE-2011-3578 [1], patched on mantis >> 1.1.8+dfsg-10squeeze1, from 2011, was not yet updated in the security >> tracker. >> >> The CVE-2011-3578 was not yet assigned when the security package, >> including the patch [2], >> 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff [3], was uploaded >> and fixed. >> >> Please, could you update the tracker and fix it? > > Yes, I updated it. > > Will you add the CVE to squeeze1's changelog, for posterity? > Done [0] Thanks. [0] http://anonscm.debian.org/gitweb/?p=collab-maint/mantis.git;a=commitdiff;h=c8c3280f5a29a11770f1eff77a5eb34d3b40b9e7 -- Dario Minnucci Phone: +34 902884117 | Fax: +34 902024417 | Support: +34 80745 Key fingerprint = BAA1 7AAF B21D 6567 D457 D67D A82F BB83 F3D5 7033 signature.asc Description: OpenPGP digital signature
Re: Please help with discrepancies in CVE-2011-3578
On Sat, 16 Jun 2012 13:09:43 +0200, "Thijs Kinkhorst" wrote: >> The CVE-2011-3578 was not yet assigned when the security package, >> including the patch [2], >> 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff [3], was uploaded >> and fixed. >> >> Please, could you update the tracker and fix it? > Yes, I updated it. Thanks a lot for your help. > Will you add the CVE to squeeze1's changelog, for posterity? Done. I'm preparing mantis_1.1.8+dfsg-10squeeze2 to fix some others CVEs, changelog updated! :-) Cheers, Sils -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/13ed63001c6f17130d91478833ea72c7@localhost
Re: Please help with discrepancies in CVE-2011-3578
On Sat, June 16, 2012 00:40, s...@powered-by-linux.com wrote: > Hi Team, > > I had prepared a new security-stable version for mantis package to fix > some new CVE's, and I found out that CVE-2011-3578 [1], patched on mantis > 1.1.8+dfsg-10squeeze1, from 2011, was not yet updated in the security > tracker. > > The CVE-2011-3578 was not yet assigned when the security package, > including the patch [2], > 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff [3], was uploaded > and fixed. > > Please, could you update the tracker and fix it? Yes, I updated it. Will you add the CVE to squeeze1's changelog, for posterity? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cb87fba3202378c82f3a84b5e85e6544.squir...@wm.kinkhorst.nl
Please help with discrepancies in CVE-2011-3578
Hi Team, I had prepared a new security-stable version for mantis package to fix some new CVE's, and I found out that CVE-2011-3578 [1], patched on mantis 1.1.8+dfsg-10squeeze1, from 2011, was not yet updated in the security tracker. The CVE-2011-3578 was not yet assigned when the security package, including the patch [2], 12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff [3], was uploaded and fixed. Please, could you update the tracker and fix it? Thanks in advance, Regards, Sils PS: please CC me, I'm not subscribed on the list. [1] http://security-tracker.debian.org/tracker/CVE-2011-3578 [2] http://packages.debian.org/changelogs/pool/main/m/mantis/mantis_1.1.8+dfsg-10squeeze1/changelog#version1.1.8_dfsg-10squeeze1 [3] http://patch-tracker.debian.org/package/mantis/1.1.8+dfsg-10squeeze1 -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/439276f3a0145693b71a312a110793c7@localhost