Package: mantis
Severity: grave
Tags: security
Justification: user security hole
mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
the latest DSA upload that fixed several others:
- 0006097: [security] user ID is cached indefinately (thraxisp)
- 0006189: [security] List of users (in filter) visible for unauthorized users.
(thraxisp)
Besides that there was a CVE assignment (CAN-2005-3091) for a
Cross-Site-Scripting
vulnerability that refers the Mantis bug 5751, for which I can't find a
referenced
fix in the 0.19.2-4 changelog as well.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
