-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 28 Jul 2006 13:37:02 +0200 Source: mantis Binary: mantis Architecture: source all Version: 0.19.2-5sarge4.1 Distribution: stable-security Urgency: high Maintainer: Igor Genibel <igenibel@debian.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: mantis - web-based bug tracking system Closes: 361138 378353 Changes: mantis (0.19.2-5sarge4.1) stable-security; urgency=high . * Non-maintainer upload for security issues. * CVE-2006-0664: Cross site scripting in config_defaults_inc.php. Apply upstream patch. * CVE-2006-0841: Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php, manage_user_page.php, view_filters_page.php, proj_doc_delete.php. Apply selected upstream patches where relevant to our version. (Closes: #378353) * Revert typo in debconf string as it's not appropriate for stable(security). . mantis (0.19.2-5sarge4) stable-security; urgency=high . * Security update for CVE-2006-1577 - fix XSS problem (Closes: #361138) * Fix a typo in debconf management (adminpassoword <-> adminpassword) . mantis (0.19.2-5sarge3) stable-security; urgency=high . * Security update for CVE-2006-0665 - better check _GET - Cross site scripting vulnerability Files: 186850cfa7493513907212591d8c550b 586 web optional mantis_0.19.2-5sarge4.1.dsc 74a6598eff0b5f741df8c768c060edc4 42068 web optional mantis_0.19.2-5sarge4.1.diff.gz 6a94215892b6efedd61e042973060022 897142 web optional mantis_0.19.2-5sarge4.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEyfb+JdKMxZV9WM8RAq4SAJsEn2sSIU6yjxeLHCKh1NtIJVPyOACgvcs4 MAtD4hDhq7gFV9mzreq5twQ= =OqBA -----END PGP SIGNATURE----- Accepted: mantis_0.19.2-5sarge4.1.diff.gz to pool/main/m/mantis/mantis_0.19.2-5sarge4.1.diff.gz mantis_0.19.2-5sarge4.1.dsc to pool/main/m/mantis/mantis_0.19.2-5sarge4.1.dsc mantis_0.19.2-5sarge4.1_all.deb to pool/main/m/mantis/mantis_0.19.2-5sarge4.1_all.deb