[Bug 291531] Re: [CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
Launchpad Bug Tracker
291531 at bugs.launchpad.net
Wed Jan 21 14:47:55 UTC 2009
This bug was fixed in the package mantis - 1.1.2+dfsg-8ubuntu0.1
---------------
mantis (1.1.2+dfsg-8ubuntu0.1) intrepid-security; urgency=low
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)
-- Andrew Starr-Bochicchio <a.starr.b at gmail.com> Thu, 11 Dec 2008
16:02:23 -0500
** Changed in: mantis (Ubuntu Intrepid)
Status: Fix Committed => Fix Released
--
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list