[Bug 291531] Re: multiple security vulnerabilites
** Changed in: mantis (Ubuntu Intrepid) Importance: Undecided => High Status: New => Confirmed ** Summary changed: - multiple security vulnerabilites + [CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites -- [CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 291531] Re: multiple security vulnerabilites
Subscribing motu-swat as well. (Off topic: Shouldn't they be subscribed automatically to security bugs in universe as opposed to ubuntu-security who as I understand focus on main?) -- multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 291531] Re: multiple security vulnerabilites
Fix for intrepid attached, motu-sru subscribed mantis (1.1.2+dfsg-8ubuntu0.1) intrepid-proposed; urgency=low * Backport security fixes from Debian. (LP: #291531) - CVE-2008-4689: Mantis does not unset the session cookie during the logout. - CVE-2008-4688: Mantis does not check the privileges of the viewer before composing a link with issue data in the source anchor. * Backport patch from Debian which fixes user registration (was broken by the patches for CVE-2008-4689) ** Changed in: mantis (Ubuntu) Importance: Undecided => High -- multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 291531] Re: multiple security vulnerabilites
** Attachment added: "mantis_1.1.2+dfsg-8ubuntu0.1.debdiff" http://launchpadlibrarian.net/20370156/mantis_1.1.2%2Bdfsg-8ubuntu0.1.debdiff -- multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 291531] Re: multiple security vulnerabilites
These are fixed in Jaunty so marking "Fix Released." Opening an Intrepid task, to backport the fixes there. mantis (1.1.2+dfsg-10) unstable; urgency=high * Urgency high because it fixes a severity important problem introduced by a security fix. * Add upstream patch which fixes user registration (was broken by the patches for CVE-2008-4689) (Closes: #503668) ** Changed in: mantis (Ubuntu) Status: New => Fix Released -- multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 291531] Re: multiple security vulnerabilites
Sorry, is nobody interested in fixing this? -- multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 291531] Re: multiple security vulnerabilites
** Visibility changed to: Public -- multiple security vulnerabilites https://bugs.launchpad.net/bugs/291531 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs