| Summary: | www-apps/mantisbt <1.1.2-r1 Insecure cookie session hijacking (CVE-2008-3102) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | pva, web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://int21.de/cve/CVE-2008-3102-mantis.html | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2008-09-24 15:13:58 UTC
mantisbt-1.1.2-r1 should fix this issue. But please wait until Monday (29.09) to ask for stabilization. It's possible that upstream will roll out a new release that we'd better stabilize...

Eh, I forgot to commit it to the tree, but now I did that.

Taking into account how long it sometimes takes upstream to release a new version, let's stabilize this one. Arch teams, please, do it. Target keywords: www-apps/mantisbt-1.1.2-r1: amd64 ppc x86

ppc stable

amd64/x86 stable, all arches done.

Ready for vote, I vote YES. Should be GLSAed together with bug 222649 and bug 241940. GLSA request still to be filed.

YES

GLSA 200812-07