Your message dated Wed, 13 Oct 2010 19:03:30 +0000
with message-id <[email protected]>
and subject line Bug#599710: fixed in mantis 1.1.8+dfsg-8
has caused the Debian Bug report #599710,
regarding CVE-2010-3303
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
599710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599710
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mantis
Severity: grave
Tags: security
Out of the six security issues fixed in mantis 1.2.3, two
have already been fixed in Squeeze/sid. The four remaining
XSS issues have been assigned CVE-2010-3303. Please see
the following link in the Red Hat BTS for details:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3303
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages mantis depends on:
pn apache2 | httpd <none> (no description available)
pn dbconfig-common <none> (no description available)
ii debconf 1.5.35 Debian configuration management sy
pn libapache2-mod-php5 | php5-cl <none> (no description available)
pn libphp-adodb <none> (no description available)
pn libphp-phpmailer <none> (no description available)
ii ucf 3.0025 Update Configuration File: preserv
Versions of packages mantis recommends:
pn mysql-client <none> (no description available)
pn php5-mysql <none> (no description available)
Versions of packages mantis suggests:
pn mysql-server <none> (no description available)
pn php5-cli <none> (no description available)
--- End Message ---
--- Begin Message ---
Source: mantis
Source-Version: 1.1.8+dfsg-8
We believe that the bug you reported is fixed in the latest version of
mantis, which is due to be installed in the Debian FTP archive:
mantis_1.1.8+dfsg-8.debian.tar.gz
to main/m/mantis/mantis_1.1.8+dfsg-8.debian.tar.gz
mantis_1.1.8+dfsg-8.dsc
to main/m/mantis/mantis_1.1.8+dfsg-8.dsc
mantis_1.1.8+dfsg-8_all.deb
to main/m/mantis/mantis_1.1.8+dfsg-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dario Minnucci <[email protected]> (supplier of updated mantis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 13 Oct 2010 17:42:04 +0200
Source: mantis
Binary: mantis
Architecture: source all
Version: 1.1.8+dfsg-8
Distribution: unstable
Urgency: medium
Maintainer: Silvia Alvarez <[email protected]>
Changed-By: Dario Minnucci <[email protected]>
Description:
mantis - web-based bug tracking system
Closes: 599710 599846
Changes:
mantis (1.1.8+dfsg-8) unstable; urgency=medium
.
* debian/patches/09-CVE-2010-3303-04-and-05.diff:
Fixes for CVE-2010-3303 (4) and (5) vulnerabilities.
Note: Mantis debian packages (1.1.6 and 1.1.8) are not affected
for vulnerabilities described as 1, 2 and 3 at
http://security-tracker.debian.org/tracker/CVE-2010-3303
(Closes: #599710)
* debian/po/cs.po: Updated. (Closes: #599846)
Thanks to Miroslav Kure <[email protected]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---