Format: 1.7
Date: Wed, 09 Jan 2008 10:24:53 +0100
Source: mantis
Binary: mantis
Architecture: source all
Version: 0.19.2-5sarge5
Distribution: oldstable-security
Urgency: high
Maintainer: Igor Genibel <igenibel@debian.org>
Changed-By: Patrick Schoenfeld <schoenfeld@in-medias-res.com>
Description:
 mantis - web-based bug tracking system
Closes: 402802 458377
Changes:
 mantis (0.19.2-5sarge5) oldstable-security; urgency=high
 .
   * Maintainer upload for the security team
   * Fixed security issue CVE-2007-6611: "Upload File" Script insertion
     vulnerability by applying the patch from sid. (Closes: #458377)
   * Fixed security issue CVE-2006-6574: Custom Field Information Disclosure
     by backporting changes in history_api.php from sid (Closes: #402802)
   * Fixed security issue: Email notifications bypass security on custom
     fields
   * Fixed multiple XSS vulnerabilities by backporting changes from upstream
     version 1.0.7
Files:
 176c95ad5f1142fcb9364540fd19eeea 874 web optional mantis_0.19.2-5sarge5.dsc
 b1c5f077e0046c5b33d77e99a2b4ffe5 46292 web optional mantis_0.19.2-5sarge5.diff.gz
 5708305cbd20cde4825b3adb7d72d3a1 898014 web optional mantis_0.19.2-5sarge5_all.deb

Accepted:
mantis_0.19.2-5sarge5.diff.gz
  to pool/main/m/mantis/mantis_0.19.2-5sarge5.diff.gz
mantis_0.19.2-5sarge5.dsc
  to pool/main/m/mantis/mantis_0.19.2-5sarge5.dsc
mantis_0.19.2-5sarge5_all.deb
  to pool/main/m/mantis/mantis_0.19.2-5sarge5_all.deb