Hi Patrick, > CVE-2008-0404[0]: > | Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows > | remote attackers to inject arbitrary web script or HTML via the "Most > | active bugs" summary. > > > You can find a patch for this on: > http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/trunk/mantisbt/core/su > mmary_api.php?r1=4848&r2=4897&view=patch
Could you check out the status of this in sarge? If it applies to sarge aswell, then maybe we can issue a new DSA fixing this and the regressions in one go. Thijs
