OK, sorry about the duplicate report. Unfortunately, there have been a dozen or so different security patches in Mantis between versions 1.08 and 1.16, so while perhaps a single small patch could be produced to fix this particular vulnerability, it would not address all the other ones. So, would this not warrant a major version upgrade to Mantis rather than just a patch?
-Pete Marc Deslauriers wrote: > Thanks for taking the time to report this bug and helping to make Ubuntu > better. Since the package referred to in this bug is in universe or > multiverse, it is community maintained. If you are able, I suggest > posting a debdiff for this issue. When a debdiff is available, members > of the security team will review it and publish the package. See the > following link for more information: > https://wiki.ubuntu.com/SecurityUpdateProcedures > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2008-4687 > > -- security issues with manage_proj_page.php https://bugs.launchpad.net/bugs/345988 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
