[Bug 291531] Re: multiple security vulnerabilites
Andrew Starr-Bochicchio
a.starr.b at gmail.com
Thu Dec 11 21:20:18 UTC 2008
Fix for intrepid attached, motu-sru subscribed
mantis (1.1.2+dfsg-8ubuntu0.1) intrepid-proposed; urgency=low
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)
** Changed in: mantis (Ubuntu)
Importance: Undecided => High
--
multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list