[Secure-testing-team] Bug#599710: CVE-2010-3303
Moritz Muehlenhoff
jmm at debian.org
Sun Oct 10 11:21:22 UTC 2010
Package: mantis
Severity: grave
Tags: security
Out of the six security issues fixed in mantis 1.2.3, two
have already been fixed in Squeeze/sid. The four remaining
XSS issues have been assigned CVE-2010-3303. Please see
the following link in the Red Hat BTS for details:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3303
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages mantis depends on:
pn apache2 | httpd <none> (no description available)
pn dbconfig-common <none> (no description available)
ii debconf 1.5.35 Debian configuration management sy
pn libapache2-mod-php5 | php5-cl <none> (no description available)
pn libphp-adodb <none> (no description available)
pn libphp-phpmailer <none> (no description available)
ii ucf 3.0025 Update Configuration File: preserv
Versions of packages mantis recommends:
pn mysql-client <none> (no description available)
pn php5-mysql <none> (no description available)
Versions of packages mantis suggests:
pn mysql-server <none> (no description available)
pn php5-cli <none> (no description available)
More information about the Secure-testing-team
mailing list