FFe: Sync mantis 1.2.8-1 (universe) from Debian unstable (main)

Bug #848124 reported by Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
mantis (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

Please sync mantis 1.2.8-1 (universe) from Debian unstable (main)

Explanation of FeatureFreeze exception:
Several important security fixes are included.

Changelog entries since current oneiric version 1.2.6-1:

mantis (1.2.8-1) unstable; urgency=medium

   * Urgency medium: fixed serious bug (policy violations)
     + debian/mantis.config:
       Allow set empty password in debconf config to prevent errors in
       unattended installations (--frontend:Noninteractive --priority=critical)
       (Closes: #640589)
   * New Security Upstream Release (1.2.8)
   * debian/README.Debian:
     + Added info about setting up custom variables.
   * debian/patches:
     + dropped: Fixed in new upstream version (1.2.8)
       Multiple vulnerabilities (LFI/XSS/Projax/PHPSELF)
       000-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
       000-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff
       000-Fix-640297-LFI-XSS-injection-via-PHPSELF.diff
       000-Fix-640297-Projax-XSS-injection.diff
   * debian/copyright: updated
   * debian/mantis.lintian-overrides: added

 -- Silvia Alvarez <email address hidden> Mon, 12 Sep 2011 03:25:00 +0200

mantis (1.2.7-1) unstable; urgency=high

  * Security Upstream Release (1.2.7)
  * Urgency high: Fixes critical LFI/XSS vulnerabilities
  * debian/NEWS: updated
  * debian/README.Debian: updated
  * debian/doc/README.LDAP: updated
  * debian/po debconf translations:
    + Added Swedish translation, thanks to
       Martin Bagge (Closes: #640061)
    + Fixed Language Field: sv
  * debian/patches:
    + dropped:
      000-fix-security-bug-bts-638321-filterapi-multiple-XSS.diff
      Bug fixed in new upstream release.
    + updated:
      000-cleanup-gitignore-file-from-orignal-tarball.diff
    + added: Multiple vulnerabilities (LFI/XSS/Projax/PHPSELF)
      Thanks to David Hicks, MantisBT developer. (Closes: #640297)
      000-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
      000-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff
      000-Fix-640297-LFI-XSS-injection-via-PHPSELF.diff
      000-Fix-640297-Projax-XSS-injection.diff

 -- Silvia Alvarez <email address hidden> Mon, 05 Sep 2011 20:41:13 +0200

Changed in mantis (Ubuntu):
importance: Undecided → Wishlist
security vulnerability: no → yes
Changed in mantis (Ubuntu):
importance: Wishlist → High
Jamie Strandboge (jdstrand) wrote :

/srv/launchpad.net/codelines/soyuz-production-rev-13890/eggs/Chameleon-2.4.0-py2.6.egg/chameleon/template.py:21: UserWarning: Unbuilt egg for setuptools [unknown version] (/usr/lib/python2.6/dist-packages)
  if distribution.has_version():
[Updating] mantis (1.2.6-1 [Ubuntu] < 1.2.8-1 [Debian])
 * Trying to add mantis...
2011-09-12 18:01:22 INFO - <mantis_1.2.8.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
2011-09-12 18:01:22 INFO - <mantis_1.2.8-1.dsc: downloading from http://ftp.debian.org/debian/>
2011-09-12 18:01:22 INFO - <mantis_1.2.8-1.debian.tar.gz: downloading from http://ftp.debian.org/debian/>
I: mantis [universe] -> mantis_1.2.6-1 [universe].

Changed in mantis (Ubuntu):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.