-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 4 Jan 2006 17:45:00 +0100
Source: mantis
Binary: mantis
Architecture: source all
Version: 0.19.2-5sarge1
Distribution: stable-security
Urgency: high
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Igor Genibel <igenibel@debian.org>
Description:
 mantis - web-based bug tracking system
Changes:
 mantis (0.19.2-5sarge1) stable-security; urgency=high
 .
   * Maintainer upload for the security team (Related: #345288)
     - Fixes CVE-2005-4524: Notes on private bugs may be leaked.
     - Fixes CVE-2005-4523: Private bugs may be leaked through RSS feeds.
     - Fixes CVE-2005-4522: XSS in view_filters_page.php.
     - Fixes CVE-2005-4521: Two CRLF injection vulnerabilities.
     - Fixes CVE-2005-4520: Unspecified "port injection".
     - Fixes CVE-2005-4519: Multiple SQL injection vulnerabilities.
     - Fixes CVE-2005-4518: Bypass of file upload restrictions.
     - Fixes CVE-2005-4238: XSS in view_filters_page.php.
 .
   Applied the changes between 0.19.3 (that were already applied) and 0.19.4.
   Note that since 0.19.3 (included) new version are only security fixes.
Files:
 84bfa6cce4f41aebd7f7bdd810048504 580 web optional mantis_0.19.2-5sarge1.dsc
 0c827e6e04027c31080de40d53930689 39448 web optional mantis_0.19.2-5sarge1.diff.gz
 a5d28b04680faf1abbda95cc18b28bac 897448 web optional mantis_0.19.2-5sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDvAjD+xgdMBZI9sgRAjJ/AJ994Z+TEGyUQ8w5CHkALBVIs9a3rACcCx5y
DJb1TLAC/orH8kXGjBDTIYw=
=LiXV
-----END PGP SIGNATURE-----

Accepted:
mantis_0.19.2-5sarge1.diff.gz
  to pool/main/m/mantis/mantis_0.19.2-5sarge1.diff.gz
mantis_0.19.2-5sarge1.dsc
  to pool/main/m/mantis/mantis_0.19.2-5sarge1.dsc
mantis_0.19.2-5sarge1_all.deb
  to pool/main/m/mantis/mantis_0.19.2-5sarge1_all.deb