[ubuntu/natty-security] mantis_1.1.8+dfsg-10squeeze1build0.11.04.1_i386_translations.tar.gz, mantis 1.1.8+dfsg-10squeeze1build0.11.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Sep 15 14:03:39 UTC 2011


mantis (1.1.8+dfsg-10squeeze1build0.11.04.1) natty-security; urgency=low

  * fake sync from Debian

mantis (1.1.8+dfsg-10squeeze1) stable-security; urgency=high

  * Urgency high: Fixes critical LFI/XSS vulnerabilities (BTS #640297)
    1) XSS injection via PHP_SELF : not affected
    2) LFI and XSS via bug_actiongroup pages: fixed
    3) Projax XSS issues with unescaped parameters: not affected
  * debian/patches:
   + added: Multiple vulnerabilities (LFI/XSS injection)
     Thanks to David Hicks, MantisBT developer.
     11-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
     12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff

Date: Thu, 15 Sep 2011 08:13:36 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Silvia Alvarez <sils at powered-by-linux.com>
https://launchpad.net/ubuntu/natty/+source/mantis/1.1.8+dfsg-10squeeze1build0.11.04.1
-------------- next part --------------
Format: 1.8
Date: Thu, 15 Sep 2011 08:13:36 -0400
Source: mantis
Binary: mantis
Architecture: source
Version: 1.1.8+dfsg-10squeeze1build0.11.04.1
Distribution: natty-security
Urgency: high
Maintainer: Silvia Alvarez <sils at powered-by-linux.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 mantis     - web-based bug tracking system
Changes: 
 mantis (1.1.8+dfsg-10squeeze1build0.11.04.1) natty-security; urgency=low
 .
   * fake sync from Debian
 .
 mantis (1.1.8+dfsg-10squeeze1) stable-security; urgency=high
 .
   * Urgency high: Fixes critical LFI/XSS vulnerabilities (BTS #640297)
     1) XSS injection via PHP_SELF : not affected
     2) LFI and XSS via bug_actiongroup pages: fixed
     3) Projax XSS issues with unescaped parameters: not affected
   * debian/patches:
    + added: Multiple vulnerabilities (LFI/XSS injection)
      Thanks to David Hicks, MantisBT developer.
      11-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
      12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff
Checksums-Sha1: 
 855ea73285f5ef2d66e69f06ad7ae1244ac70a08 1842 mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.dsc
 fa9c79bb6aecdb414e8ac516df6558e1248ae2b9 56098 mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.debian.tar.gz
Checksums-Sha256: 
 70b9431a2dbf0446dd859611b50c9c47f5779f712ecd0c3d3292730a2f58c3c4 1842 mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.dsc
 6c0087bd80c81d0431b9fedc3e6fdd7307ce27a920f3d31390b33510b2893ab7 56098 mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.debian.tar.gz
Files: 
 6b4a9d147ea9bf096afc761bb1d831b2 1842 web optional mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.dsc
 9528fdef78debb58af24fccc4236c8a8 56098 web optional mantis_1.1.8+dfsg-10squeeze1build0.11.04.1.debian.tar.gz

