lp:ubuntu/intrepid-updates/mantis
- Get this branch:
- bzr branch lp:ubuntu/intrepid-updates/mantis
Branch merges
Branch information
Recent revisions
- 6. By Andrew Starr-Bochicchio
-
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689) - 5. By Patrick Schoenfeld
-
* Urgency high because it is an update for a security issue
which was patched in the last upload.
* Updated the patch for the remote code execution vulnerability to
avoid possible regressions that might be caused by the wrong
implementation in the first patch. - 4. By Hilko Bengen
-
* Maintainer upload for the security team
* Fixes CAN-2005-2556
- Mantis bug#0005956: Fixes "Database system scanner via variable
poisoning" vulnerability
* Fixes CAN-2005-2557
- Mantis bug#0005959: Fixes cross-site-scripting vulnerability in
view_all_set. php
- Mantis bug#0006002: Fixes cross-site-scripting vulnerability in
view_all_bug_ page.php
* Thanks to Joxean Koret <email address hidden> for pointing these
issues out. Thanks to Glenn Henshaw <email address hidden> for providing
detailed information by sending the BTS entries per mailUnfortunately, to my knowledge, upstream developers have neither made
those entries publicly available nor issued warnings after fixing the
bugs. - 3. By Hilko Bengen
-
* New maintainer
* New upstream version (Closes: #227727, #271318)
- As of 0.18, Mantis no longer relies on register_globals being set
(Closes: #257005)
* Depends: [...] apache | httpd (Closes: #241178)
* Included ca Debconf translation (Closes: #236664)
* Speling and grammar fixes in Debconf templates
* postinst, postrm
- Allow configuration of multiple webserver installations
- use wwwconfig-common to handle database stuff
* Removed debhelper-default preinst, prerm scripts
* Let user choose a password for the administrator user (Closes: #274748)
* Generate random password for database access if the user has not
chosen a password (Closes: #274746) - 2. By Bruno D. Rodrigues
-
* Only reconfigure if config.php doesn't exists, avoiding overwriting it
(Closes: #199985)
* Urlencodes before creating bug and cvs links (Closes: #200336)
* Downgraded priorities from some debconf questions
* Don't rm -fr /etc/mantis
* Debconf also askes for apache-perl (already on dependency list)
* Updated to Standards-Version 3.6.1
* Better detection of wrong mysql's root user/pass parameters
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/mantis