-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 29 Oct 2005 21:53:06 +0200 Source: mantis Binary: mantis Architecture: source all Version: 0.19.2-4.1 Distribution: stable-security Urgency: high Maintainer: Hilko Bengen <bengen@debian.org> Changed-By: Thijs Kinkhorst <kink@squirrelmail.org> Description: mantis - web-based bug tracking system Closes: 330682 335938 Changes: mantis (0.19.2-4.1) stable-security; urgency=high . * NMU for security bugs: - Mantis #0005247: Real email addresses are visible when using reminders [CVE-2005-3338] - Mantis #0005751: Javascript XSS vulnerability [CVE-2005-3091] - Mantis #0006097: user ID is cached indefinately [CVE-2005-3339] - Mantis #0006273: File Inclusion Vulnerability [CVE-2005-3335] - Mantis #0006275: SQL injection [CVE-2005-3336] Patches from upstream developers (Closes: #330682, #335938) Files: b7c83d901ff3cfa1c4cb54502e5519c7 572 web optional mantis_0.19.2-4.1.dsc e364d9ebb64a2071c3188baabb027dbd 36447 web optional mantis_0.19.2-4.1.diff.gz 4131ad481a77292789af31e00a7960e6 895006 web optional mantis_0.19.2-4.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDgGg8W5ql+IAeqTIRAq3fAJ9fnIkjF5qgZQpJ4QPmB74EubeZfACgnDND YhRP9wzZn77/4A8Orh2DIgM= =GVuN -----END PGP SIGNATURE----- Accepted: mantis_0.19.2-4.1.diff.gz to pool/main/m/mantis/mantis_0.19.2-4.1.diff.gz mantis_0.19.2-4.1.dsc to pool/main/m/mantis/mantis_0.19.2-4.1.dsc mantis_0.19.2-4.1_all.deb to pool/main/m/mantis/mantis_0.19.2-4.1_all.deb