[Bug 291531] Re: [CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites

Launchpad Bug Tracker Wed, 21 Jan 2009 06:55:29 -0800

This bug was fixed in the package mantis - 1.1.2+dfsg-8ubuntu0.1

---------------
mantis (1.1.2+dfsg-8ubuntu0.1) intrepid-security; urgency=low


  * Backport security fixes from Debian. (LP: #291531)
   - CVE-2008-4689: Mantis does not unset the session cookie
     during the logout.
   - CVE-2008-4688: Mantis does not check the privileges of the
     viewer before composing a link with issue data in the source
     anchor.
  * Backport patch from Debian which fixes user registration (was
    broken by the patches for CVE-2008-4689)

 -- Andrew Starr-Bochicchio <[email protected]>   Thu, 11 Dec 2008
16:02:23 -0500

** Changed in: mantis (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released

-- 
[CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites
https://bugs.launchpad.net/bugs/291531
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 291531] Re: [CVE-2008-4688] [CVE-2008-4689] multiple security vulnerabilites

Reply via email to