Hello, On Thu, 29 Sep 2005, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in > the latest DSA upload that fixed several others: > > - 0006097: [security] user ID is cached indefinately (thraxisp) > - 0006189: [security] List of users (in filter) visible for unauthorized > users. (thraxisp) > > Besides that there was a CVE assignment (CAN-2005-3091) for a > Cross-Site-Scripting > vulnerability that refers the Mantis bug 5751, for which I can't find a > referenced > fix in the 0.19.2-4 changelog as well.
Three weeks later, there has been no response yet from the maintainer, perhaps you are busy with other projects? Since I think it's important that RC bugs get fixed in a timely manner, I am looking into preparing an NMU for this within the next week. This is of course no offense but an effort to help improve the quality of Debian. Please let me know if you oppose to an NMU. I will post a patch as soon as I have one. regards, Thijs
signature.asc
Description: This is a digitally signed message part
