lp:debian/lenny/mantis

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

10. By Dario Minnucci on 2011-09-12

* Bump package version to 'lenny6' for another security upload try
  as requested by Moritz.
  Previous upload was rejected by dak. Reject Reasons:
   + md5sum for mantis_1.1.6+dfsg.orig.tar.gz doesn't match
   + size for mantis_1.1.6+dfsg.orig.tar.gz doesn't match

9. By Silvia Alvarez <email address hidden> on 2010-10-30

debian/patches/07-CVE-2010-3763.diff:
Fixes for CVE-2010-3763.

8. By Patrick Schoenfeld on 2009-07-31

* Urgency high because this upload fixes a security issue
* Fix a security issue with the default permissions of the database
  configuration. It has been world-readable. It is now fixed for
  new installations and previous installations are (carefully)
  updated. (Closes: #425010)

7. By Patrick Schoenfeld on 2008-12-22

Upload to unstable

6. By Patrick Schoenfeld on 2008-10-28

* Urgency high because it fixes a severity important problem
  introduced by a security fix.
* Add upstream patch which fixes user registration (was broken by the
  patches for CVE-2008-4689)
  (Closes: #503668)

5. By Patrick Schoenfeld on 2008-10-20

* Urgency high because it is an update for a security issue
  which was patched in the last upload.
* Updated the patch for the remote code execution vulnerability to
  avoid possible regressions that might be caused by the wrong
  implementation in the first patch.

4. By Hilko Bengen on 2005-08-16

* Maintainer upload for the security team
* Fixes CAN-2005-2556
  - Mantis bug#0005956: Fixes "Database system scanner via variable
    poisoning" vulnerability
* Fixes CAN-2005-2557
  - Mantis bug#0005959: Fixes cross-site-scripting vulnerability in
    view_all_set.php
  - Mantis bug#0006002: Fixes cross-site-scripting vulnerability in
    view_all_bug_page.php
* Thanks to Joxean Koret <email address hidden> for pointing these
  issues out. Thanks to Glenn Henshaw <email address hidden> for providing
  detailed information by sending the BTS entries per mail

  Unfortunately, to my knowledge, upstream developers have neither made
  those entries publicly available nor issued warnings after fixing the
  bugs.

3. By Hilko Bengen on 2004-10-04

* New maintainer
* New upstream version (Closes: #227727, #271318)
  - As of 0.18, Mantis no longer relies on register_globals being set
    (Closes: #257005)
* Depends: [...] apache | httpd (Closes: #241178)
* Included ca Debconf translation (Closes: #236664)
* Speling and grammar fixes in Debconf templates
* postinst, postrm
  - Allow configuration of multiple webserver installations
  - use wwwconfig-common to handle database stuff
* Removed debhelper-default preinst, prerm scripts
* Let user choose a password for the administrator user (Closes: #274748)
* Generate random password for database access if the user has not
  chosen a password (Closes: #274746)

2. By Bruno D. Rodrigues on 2003-08-29

* Only reconfigure if config.php doesn't exists, avoiding overwriting it
  (Closes: #199985)
* Urlencodes before creating bug and cvs links (Closes: #200336)
* Downgraded priorities from some debconf questions
* Don't rm -fr /etc/mantis
* Debconf also askes for apache-perl (already on dependency list)
* Updated to Standards-Version 3.6.1
* Better detection of wrong mysql's root user/pass parameters

1. By Bruno D. Rodrigues on 2003-08-29

Import upstream version 0.17.5