lp:ubuntu/intrepid-updates/mantis

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-updates/mantis
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

6. By Andrew Starr-Bochicchio

* Backport security fixes from Debian. (LP: #291531)
 - CVE-2008-4689: Mantis does not unset the session cookie
   during the logout.
 - CVE-2008-4688: Mantis does not check the privileges of the
   viewer before composing a link with issue data in the source
   anchor.
* Backport patch from Debian which fixes user registration (was
  broken by the patches for CVE-2008-4689)

5. By Patrick Schoenfeld

* Urgency high because it is an update for a security issue
  which was patched in the last upload.
* Updated the patch for the remote code execution vulnerability to
  avoid possible regressions that might be caused by the wrong
  implementation in the first patch.

4. By Hilko Bengen

* Maintainer upload for the security team
* Fixes CAN-2005-2556
  - Mantis bug#0005956: Fixes "Database system scanner via variable
    poisoning" vulnerability
* Fixes CAN-2005-2557
  - Mantis bug#0005959: Fixes cross-site-scripting vulnerability in
    view_all_set.php
  - Mantis bug#0006002: Fixes cross-site-scripting vulnerability in
    view_all_bug_page.php
* Thanks to Joxean Koret <email address hidden> for pointing these
  issues out. Thanks to Glenn Henshaw <email address hidden> for providing
  detailed information by sending the BTS entries per mail

  Unfortunately, to my knowledge, upstream developers have neither made
  those entries publicly available nor issued warnings after fixing the
  bugs.

3. By Hilko Bengen

* New maintainer
* New upstream version (Closes: #227727, #271318)
  - As of 0.18, Mantis no longer relies on register_globals being set
    (Closes: #257005)
* Depends: [...] apache | httpd (Closes: #241178)
* Included ca Debconf translation (Closes: #236664)
* Spelling and grammar fixes in Debconf templates
* postinst, postrm
  - Allow configuration of multiple webserver installations
  - use wwwconfig-common to handle database stuff
* Removed debhelper-default preinst, prerm scripts
* Let user choose a password for the administrator user (Closes: #274748)
* Generate random password for database access if the user has not
  chosen a password (Closes: #274746)

2. By Bruno D. Rodrigues

* Only reconfigure if config.php doesn't exist, avoiding overwriting it
  (Closes: #199985)
* Urlencodes before creating bug and cvs links (Closes: #200336)
* Downgraded priorities from some debconf questions
* Don't rm -fr /etc/mantis
* Debconf also asks for apache-perl (already on dependency list)
* Updated to Standards-Version 3.6.1
* Better detection of wrong mysql's root user/pass parameters

1. By Bruno D. Rodrigues

Import upstream version 0.17.5

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/mantis
This branch contains Public information 
Everyone can see this information.
