lp:debian/lenny/mantis
- Get this branch:
- bzr branch lp:debian/lenny/mantis
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 10. By Dario Minnucci
-
* Bump package version to 'lenny6' for another security upload try
as requested by Moritz.
Previous upload was rejected by dak. Reject Reasons:
+ md5sum for mantis_1.1.6+dfsg. orig.tar. gz doesn't match
+ size for mantis_1.1.6+dfsg. orig.tar. gz doesn't match - 9. By Silvia Alvarez <email address hidden>
-
debian/
patches/ 07-CVE- 2010-3763. diff:
Fixes for CVE-2010-3763. - 8. By Patrick Schoenfeld
-
* Urgency high because this upload fixes a security issue
* Fix a security issue with the default permissions of the database
configuration. It has been world-readable. It is now fixed for
new installations and previous installations are (carefully)
updated. (Closes: #425010) - 6. By Patrick Schoenfeld
-
* Urgency high because it fixes a severity important problem
introduced by a security fix.
* Add upstream patch which fixes user registration (was broken by the
patches for CVE-2008-4689)
(Closes: #503668) - 5. By Patrick Schoenfeld
-
* Urgency high because it is an update for a security issue
which was patched in the last upload.
* Updated the patch for the remote code execution vulnerability to
avoid possible regressions that might be caused by the wrong
implementation in the first patch. - 4. By Hilko Bengen
-
* Maintainer upload for the security team
* Fixes CAN-2005-2556
- Mantis bug#0005956: Fixes "Database system scanner via variable
poisoning" vulnerability
* Fixes CAN-2005-2557
- Mantis bug#0005959: Fixes cross-site-scripting vulnerability in
view_all_set. php
- Mantis bug#0006002: Fixes cross-site-scripting vulnerability in
view_all_bug_ page.php
* Thanks to Joxean Koret <email address hidden> for pointing these
issues out. Thanks to Glenn Henshaw <email address hidden> for providing
detailed information by sending the BTS entries per mailUnfortunately, to my knowledge, upstream developers have neither made
those entries publicly available nor issued warnings after fixing the
bugs. - 3. By Hilko Bengen
-
* New maintainer
* New upstream version (Closes: #227727, #271318)
- As of 0.18, Mantis no longer relies on register_globals being set
(Closes: #257005)
* Depends: [...] apache | httpd (Closes: #241178)
* Included ca Debconf translation (Closes: #236664)
* Speling and grammar fixes in Debconf templates
* postinst, postrm
- Allow configuration of multiple webserver installations
- use wwwconfig-common to handle database stuff
* Removed debhelper-default preinst, prerm scripts
* Let user choose a password for the administrator user (Closes: #274748)
* Generate random password for database access if the user has not
chosen a password (Closes: #274746) - 2. By Bruno D. Rodrigues
-
* Only reconfigure if config.php doesn't exists, avoiding overwriting it
(Closes: #199985)
* Urlencodes before creating bug and cvs links (Closes: #200336)
* Downgraded priorities from some debconf questions
* Don't rm -fr /etc/mantis
* Debconf also askes for apache-perl (already on dependency list)
* Updated to Standards-Version 3.6.1
* Better detection of wrong mysql's root user/pass parameters
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/mantis