Hello, I'm writing on behalf of the Debian project; we're addressing the recent security issues in Mantis. One of the things that still need to be done is to fix the version in "woody", our old stable release, which is at version 0.17.1. Following Debian security policy, we're backporting any relevant fixes to that branch.
To judge what a bug is actually about, we rely on the description provided by upstream (you). However, some bugs are still "access denied" for us, even though they are already fixed in your release. It concerns the following bugs: #5959 (CVE-2005-3337) #6273 (CVE-2005-3335) #6275 (CVE-2005-3336) We currently assert that woody is not vulnerable to these bugs. I would like to request to open up those bugs to the public to allow us to get a better view of the vulnerabilities. If you could confirm that 0.17.1 is not vulnerable to these bugs, that would also suffice. Thanks in advance. Thijs Kinkhorst