-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 16 Aug 2005 23:37:04 +0200
Source: mantis
Binary: mantis
Architecture: source all
Version: 0.19.2-4
Distribution: stable-security
Urgency: high
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Hilko Bengen <bengen@debian.org>
Description:
 mantis - web-based bug tracking system
Changes:
 mantis (0.19.2-4) stable-security; urgency=HIGH
 .
   * Maintainer upload for the security team
   * Fixes CAN-2005-2556
     - Mantis bug#0005956: Fixes "Database system scanner via variable
       poisoning" vulnerability
   * Fixes CAN-2005-2557
     - Mantis bug#0005959: Fixes cross-site-scripting vulnerability in
       view_all_set.php
     - Mantis bug#0006002: Fixes cross-site-scripting vulnerability in
       view_all_bug_page.php
   * Thanks to Joxean Koret <joxeankoret@yahoo.es> for pointing these
     issues out. Thanks to Glenn Henshaw <thraxisp4@mac.com> for
     providing detailed information by sending the BTS entries per mail
 .
     Unfortunately, to my knowledge, upstream developers have neither
     made those entries publicly available nor issued warnings after
     fixing the bugs.
Files:
 645a849f54cada06624b040ca106310f 568 web optional mantis_0.19.2-4.dsc
 042c42c6de3bc536181391c1e9b25db3 1298615 web optional mantis_0.19.2.orig.tar.gz
 311c66f058bfd06ef02d97dc0dad4880 34601 web optional mantis_0.19.2-4.diff.gz
 afa2f33377b412779d5710e94b5f68e3 895224 web optional mantis_0.19.2-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDAmG3UCgnLz/SlGgRAoGDAKCTWZVA9JLGaNslowefPO2v+2aI0QCggdOo
5tgG97ZELgs66Kfk+F/A9sE=
=isaE
-----END PGP SIGNATURE-----

Accepted:
mantis_0.19.2-4.diff.gz
  to pool/main/m/mantis/mantis_0.19.2-4.diff.gz
mantis_0.19.2-4.dsc
  to pool/main/m/mantis/mantis_0.19.2-4.dsc
mantis_0.19.2-4_all.deb
  to pool/main/m/mantis/mantis_0.19.2-4_all.deb