Thijs Kinkhorst wrote:
> On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote:
> > For stable:
> > I've extracted the right patch from the unstable version (which has been
> > present without any bugreports since the end of October), and that is
> > attached. I've also prepared updated packages
reopen 335997
found 335997 0.9.7-2
thanks
Hello Pierre,
Sorry, didn't have time to get back to this earlier. I've verified that
unstable is indeed completely fixed for CVE-2005-3334 (which contains
some typos in the names of the affected variables).
> Though, please note that this XSS vulneratib
On Tue, Dec 20, 2005 at 12:42:40AM +0100, Pierre Habouzit wrote:
> Le Lun 19 Décembre 2005 22:15, Steve Langasek a écrit :
> > On Mon, Dec 19, 2005 at 04:47:50PM +0100, Pierre Habouzit wrote:
> > > > > Moreover the current version has some problems that I'd not
> > > > > like to see enter testing a
Le Lun 19 Décembre 2005 22:15, Steve Langasek a écrit :
> On Mon, Dec 19, 2005 at 04:47:50PM +0100, Pierre Habouzit wrote:
> > > > Moreover the current version has some problems that I'd not
> > > > like to see enter testing at all.
> > >
> > > Current testing has an RC security bug. If those issue
On Mon, Dec 19, 2005 at 04:47:50PM +0100, Pierre Habouzit wrote:
> > > Moreover the current version has some problems that I'd not like to
> > > see enter testing at all.
> > Current testing has an RC security bug. If those issues you mention
> > are also RC, I suggest you document them in the BTS
Le Lun 19 Décembre 2005 17:02, Pierre Habouzit a écrit :
> Le Lun 19 Décembre 2005 16:54, Thijs Kinkhorst a écrit :
> > On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote:
> > > -6 is the package that will fix all that should be, and it'll
> > > enter etch in 10 days from now.
> >
> > Great,
Le Lun 19 Décembre 2005 16:54, Thijs Kinkhorst a écrit :
> On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote:
> > -6 is the package that will fix all that should be, and it'll enter
> > etch in 10 days from now.
>
> Great, my interest is that the problem is addressed in the best way
> possib
On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote:
> -6 is the package that will fix all that should be, and it'll enter etch
> in 10 days from now.
Great, my interest is that the problem is addressed in the best way
possible :) What about stable, do you want to prepare new updated
package
Le Lun 19 Décembre 2005 16:42, Thijs Kinkhorst a écrit :
> On Mon, 2005-12-19 at 16:26 +0100, Pierre Habouzit wrote:
> > > > Multiple Cross-Site-Scripting vulnerabilties have been found in
> > > > Flyspray. Have a look at
> > > > http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multipl
> > >
On Mon, 2005-12-19 at 16:26 +0100, Pierre Habouzit wrote:
> > > Multiple Cross-Site-Scripting vulnerabilties have been found in
> > > Flyspray. Have a look at
> > > http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-va
> > >riable.html for more details. This has been assigned CVE-2005
Le Lun 19 Décembre 2005 13:41, Thijs Kinkhorst a écrit :
> close 335997 0.9.8-4
> tags 335997 patch
> thanks
>
> > Multiple Cross-Site-Scripting vulnerabilties have been found in
> > Flyspray. Have a look at
> > http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-va
> >riable.html for
On Mon, 2005-12-19 at 15:04 +0100, Florian Weimer wrote:
> * Thijs Kinkhorst:
>
> > For the testing (etch) and unstable distribution (sid) this problem has
> > been fixed in version 0.9.8-5.
>
> > close 335997 0.9.8-4
>
> -4 or -5?
The changelog for -4 lists the fix ("* Branch pull from upstrea
* Thijs Kinkhorst:
> For the testing (etch) and unstable distribution (sid) this problem has
> been fixed in version 0.9.8-5.
> close 335997 0.9.8-4
-4 or -5?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote:
> For stable:
> I've extracted the right patch from the unstable version (which has been
> present without any bugreports since the end of October), and that is
> attached. I've also prepared updated packages here:
> http://www.a-eskwadraat.
close 335997 0.9.8-4
tags 335997 patch
thanks
> Multiple Cross-Site-Scripting vulnerabilties have been found in
> Flyspray. Have a look at
> http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html
> for more details. This has been assigned CVE-2005-3334, please mention so i
Package: flyspray
Severity: grave
Tags: security
Justification: user security hole
Multiple Cross-Site-Scripting vulnerabilties have been found in
Flyspray. Have a look at
http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html
for more details. This has been assigned CVE-2
16 matches
Mail list logo