** Changed in: debian
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/291531
Title:
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
To
** Branch linked: lp:ubuntu/intrepid-updates/mantis
--
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ub
This bug was fixed in the package mantis - 1.1.2+dfsg-8ubuntu0.1
---
mantis (1.1.2+dfsg-8ubuntu0.1) intrepid-security; urgency=low
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-
I'm not sure how these things are handled in *-backports, but
1.1.2+dfsg-8~hardy1 in hardy-backports is definitely affected.
1.0.8-4 in hardy, 1.0.7+dfsg-1 in gutsy, and 0.19.4-2 in dapper may very
well be affected as well. The CVE describes the issue as affecting
"Mantis before 1.1.3 " I have not
Thanks!
Package is building for Intrepid.
Is Dapper, Gutsy or Hardy affected by these issues?
** Changed in: mantis (Ubuntu Intrepid)
Status: In Progress => Fix Committed
--
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You recei
** Attachment added: "mantis_1.1.2+dfsg-8ubuntu0.1.updated.debdiff"
http://launchpadlibrarian.net/21481688/mantis_1.1.2%2Bdfsg-8ubuntu0.1.updated.debdiff
** Changed in: mantis (Ubuntu Intrepid)
Status: Confirmed => In Progress
--
[CVE-2008-4688] [CVE-2008-4689] multiple security vuln
Also, after you submit the revised debdiff, could you please change the
status of this bug back to "In Progress" so we'll get a notification.
Thanks.
--
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You received this bug notification becau
Thanks for the debdiff!
I'm reviewing the debdiff you included for Intrepid. Could you please change
the following so I can release it:
- Change the pocket to "intrepid-security"
- Tag the patches including a URL so I can see where the patch came from
(see https://wiki.ubuntu.com/UbuntuDevelopme
** Changed in: mantis (Ubuntu Intrepid)
Status: Confirmed => In Progress
--
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
