On 10/24/2010 07:36 PM, Adam D. Barratt wrote:
On Sun, 2010-10-24 at 18:53 +0200, sils wrote:
Attached you will find the diff between mantis_1.1.6+dfsg-2lenny2
(currently in s-p-u) and mantis_1.1.6+dfsg-2lenny3 with the fix for
CVE-2010-3303.
I did not uploaded any package until receive a confirmation or
guidelines from the release team about how to proceed.
Have you confirmed with the security team that they do not wish to
resolve this via a DSA? I realise that the previous XSS issues were
fixed via p-u, but
http://security-tracker.debian.org/tracker/CVE-2010-3303 is not
currently marked "no DSA".
OK, I'm going to check out with DSA and let you know.
Thanks
Sils
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
