[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
** Changed in: mantis Status: Unknown = Fix Released -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
** Branch linked: lp:ubuntu/hardy-security/mantis -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
I was wondering if the other CVEs should be done at the same time, or is this one enough? I won't have time to do the others until later this week or next weekend. -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
I think that this one i enough. Sponsors, just upload. -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
Thanks for the patch! This is building in the security queue now. ** Also affects: mantis (Ubuntu Intrepid) Importance: Undecided Status: New ** Changed in: mantis (Ubuntu Intrepid) Status: New = Invalid ** Changed in: mantis (Ubuntu Hardy) Assignee: Micah Gersten (micahg) = (unassigned) ** Changed in: mantis (Ubuntu Hardy) Status: Confirmed = Fix Committed ** Bug watch added: Mantis Bug Tracker #9704 http://www.mantisbt.org/bugs/view.php?id=9704 ** Changed in: mantis Remote watch: Mantis Bug Tracker #0009704 = Mantis Bug Tracker #9704 -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
This bug was fixed in the package mantis - 1.0.8-4ubuntu0.1 --- mantis (1.0.8-4ubuntu0.1) hardy-security; urgency=low * Fix CVE-2008-4687 - Closes (LP: #481631) - add debian/patches/06-fix-cve-2008-4687.dpatch - update debian/patches/00list -- Micah Gersten mic...@ubuntu.com Fri, 01 Jan 2010 03:12:52 -0600 ** Changed in: mantis (Ubuntu Hardy) Status: Fix Committed = Fix Released -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
** Bug watch added: Mantis Bug Tracker #0009704 http://www.mantisbt.org/bugs/view.php?id=0009704 ** Also affects: mantis via http://www.mantisbt.org/bugs/view.php?id=0009704 Importance: Unknown Status: Unknown -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
I take it back, I based my previous comment on the versions, but it seems that the debian maintainer already patched the Intrepid version. I'm test building the hardy package now and will attach the debdiff after I confirm it builds. -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
It needs to open task on hardy. Please do it someone from MOTU. -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
** Also affects: mantis (Ubuntu Hardy) Importance: Undecided Status: New -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
Fixed in other releases, only hardy is affected. ** Changed in: mantis (Ubuntu) Status: In Progress = Fix Released ** Changed in: mantis (Ubuntu) Assignee: Micah Gersten (micahg) = (unassigned) ** Changed in: mantis (Ubuntu Hardy) Assignee: (unassigned) = Micah Gersten (micahg) -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
Debdiff attached. I don't have the USN number, so I left it out. Test build here: https://launchpad.net/~micahg/+archive/sru-test/+packages ** Attachment added: Debdiff For Hardy v1 http://launchpadlibrarian.net/37344115/mantis_1.0.8-4_1.0.8-4ubuntu0.1.debdiff -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
Updating status per Security Updates wiki page. ** Changed in: mantis (Ubuntu Hardy) Importance: Undecided = High ** Changed in: mantis (Ubuntu Hardy) Status: New = Confirmed -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
I'll prepare the debdiff tonight. ** Changed in: mantis (Ubuntu) Status: Triaged = In Progress ** Changed in: mantis (Ubuntu) Assignee: (unassigned) = Micah Gersten (micahg) -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
Micah, please check other releases for affect this bug. -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
Hardy and Intrepid are affected and I'll prepare debdiffs for both. I believe this is no longer supported in dapper and I don't know if it's affected or not. -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
** Attachment added: patch fix CVE-2008-4687 http://launchpadlibrarian.net/37301839/patch%20fix%20CVE-2008-4687 -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 481631] Re: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
** Changed in: mantis (Ubuntu) Status: New = Triaged ** Changed in: mantis (Ubuntu) Importance: Undecided = High ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4687 -- mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit https://bugs.launchpad.net/bugs/481631 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs