-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 11:53:54 +0100 Source: mantis Binary: mantis Architecture: source all Version: 1.1.2+dfsg-9 Distribution: unstable Urgency: high Maintainer: Patrick Schoenfeld <[EMAIL PROTECTED]> Changed-By: Patrick Schoenfeld <[EMAIL PROTECTED]> Description: mantis - web-based bug tracking system Closes: 503588 Changes: mantis (1.1.2+dfsg-9) unstable; urgency=high . * Urgency high because it fixes security issues. * Fix security vulnerabilites by applying upstream patches: + CVE-2008-4689: Mantis does not unset the session cookie during the logout. + CVE-2008-4688: Mantis does not check the privileges of the viewer before composing a link with issue data in the source anchor. (Closes: #503588) Checksums-Sha1: b567c86dee579ff80e004fa5f927e26f87f7690b 1184 mantis_1.1.2+dfsg-9.dsc 77eecfc4f9e7f5067b2c3bd8e1a4d9ca21c5ba6b 46136 mantis_1.1.2+dfsg-9.diff.gz 0425ae0f3aca77976127b71510451963a1962561 1857684 mantis_1.1.2+dfsg-9_all.deb Checksums-Sha256: db4eb3789f7904907aefbe0af9b617de7f6c94a5af5e0206b42f01571cb6d2cb 1184 mantis_1.1.2+dfsg-9.dsc 4f390de0cbc15a081e59bddd4e95cb7edb2aa265d591b15c9dae1b8d647f3cfc 46136 mantis_1.1.2+dfsg-9.diff.gz 1fc22dbee88c825f23a8b2946fa1d040395ac9756058a93761dc8a7d4267e470 1857684 mantis_1.1.2+dfsg-9_all.deb Files: aef9b13d2a704140a25e995337fef054 1184 web optional mantis_1.1.2+dfsg-9.dsc 5e678ea6c55fa530fb02b07ccea82103 46136 web optional mantis_1.1.2+dfsg-9.diff.gz 971b47cfd6c22f76f43c44ba2bcfb6c7 1857684 web optional mantis_1.1.2+dfsg-9_all.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkFoiAACgkQbdB4RPTVesq0GwCcC6wg4z+0Owz9LTzImuGH0PMP 6CkAn2vvguWcGSVOGVFy5Q7bYX4fXVL2 =J77O -----END PGP SIGNATURE----- Accepted: mantis_1.1.2+dfsg-9.diff.gz to pool/main/m/mantis/mantis_1.1.2+dfsg-9.diff.gz mantis_1.1.2+dfsg-9.dsc to pool/main/m/mantis/mantis_1.1.2+dfsg-9.dsc mantis_1.1.2+dfsg-9_all.deb to pool/main/m/mantis/mantis_1.1.2+dfsg-9_all.deb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]