Gentoo Bug 116036 - www-apps/mantisbt - security release

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	116036
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Renat Lumpau <rl03@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 116036 depends on:			Show dependency tree
Bug 116036 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-12-19 06:05 0000

Mantis 0.19.4 is now available for download.
This maintenance release includes the following fixes:

- #0006419: [security] File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
- #0006420: [security] Injection Vulnerabilities in Filters (TKADV2005-11-002)
(thraxisp)
- #0006457: [security] SQL Injection in manage user page (TKADV2005-11-002)
(vboctor)
- #0006460: [security] HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- #0006486: [security] Port XSS Vulnerability in filters (TKADV2005-11-002)
(thraxisp)

All 0.19.x users are encouraged to upgrade to this release.

------- Comment #1 From Renat Lumpau 2005-12-19 06:07:17 0000 -------

0.19.4 in CVS.

------- Comment #2 From Stefan Cornelius (RETIRED) 2005-12-19 06:10:26 0000 -------

well great work, that was fast, almost everything already done :)

ppc pls mark stable. thx

------- Comment #3 From Michael Hanselmann (hansmi) (RETIRED) 2005-12-19 11:54:10 0000 -------

Stable on ppc.

------- Comment #4 From Stefan Cornelius (RETIRED) 2005-12-19 12:29:29 0000 -------

ready for glsa vote, i've made no decision yet

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-12-19 13:51:39 0000 -------

small yes from me.

------- Comment #6 From Thierry Carrez (RETIRED) 2005-12-20 02:47:54 0000 -------

yes from me

------- Comment #7 From Stefan Cornelius (RETIRED) 2005-12-22 13:42:41 0000 -------

GLSA 200512-12 Thx to everbody involved.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 116036

www-apps/mantisbt - security release

Last modified: 2005-12-22 13:42:41 0000