On Sat, 2010-10-30 at 12:23 +0200, sils wrote: > Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3 > (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for > CVE-2010-3763 [1]. > > Fixed in version mantis/1.1.8+dfsg-9 (unstable) [2]
That's the second one in less than a week. :-( Has anyone conducted a proper review of the code to see how many more of these issues might be lurking? Whilst I'm happy to fix such issues in stable, it would be nice not to have to keep approving changes that look remarkably similar to the previous few updates. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
