Bug 116036

Summary: www-apps/mantisbt - security release
Product: Gentoo Security
Reporter: Renat Lumpau (RETIRED) <rl03>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa] DerCorny
Package list:
Runtime testing required: ---

Description Renat Lumpau (RETIRED) gentoo-dev 2005-12-19 06:05:25 UTC
Mantis 0.19.4 is now available for download.
This maintenance release includes the following fixes:

- #0006419: [security] File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
- #0006420: [security] Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- #0006457: [security] SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- #0006460: [security] HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- #0006486: [security] Port XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)

All 0.19.x users are encouraged to upgrade to this release.
Comment 1 Renat Lumpau (RETIRED) gentoo-dev 2005-12-19 06:07:17 UTC
0.19.4 in CVS. 
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-19 06:10:26 UTC
well great work, that was fast, almost everything already done :)

ppc pls mark stable. thx
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-19 11:54:10 UTC
Stable on ppc.
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-19 12:29:29 UTC
ready for glsa vote, i've made no decision yet
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-19 13:51:39 UTC
small yes from me.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-12-20 02:47:54 UTC
yes from me
Comment 7 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-22 13:42:41 UTC
GLSA 200512-12 Thx to everybody involved.