-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thijs Kinkhorst wrote: > Hello,
Hi Thijs > On Thu, 29 Sep 2005, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > >>mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in >>the latest DSA upload that fixed several others: >> >>- 0006097: [security] user ID is cached indefinately (thraxisp) >>- 0006189: [security] List of users (in filter) visible for unauthorized >>users. (thraxisp) >> >>Besides that there was a CVE assignment (CAN-2005-3091) for a >>Cross-Site-Scripting >>vulnerability that refers the Mantis bug 5751, for which I can't find a >>referenced >>fix in the 0.19.2-4 changelog as well. > > > Three weeks later, there has been no response yet from the maintainer, > perhaps you are busy with other projects? Since I think it's important > that RC bugs get fixed in a timely manner, I am looking into preparing > an NMU for this within the next week. This is of course no offense but > an effort to help improve the quality of Debian. > > Please let me know if you oppose to an NMU. I will post a patch as soon > as I have one. Note that this is part of the NM process of Thijs, so I'll probably be the one doing the NMU as his AM. - -- Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D Fingerprint: D5AF 25FB 316B 53BB 08E7 F999 E544 DE07 9B7C 328D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDVoW55UTeB5t8Mo0RAnqiAJ9OHWWZYh5T+62/q77jfE6FDkF1OACffQSh WWfN3yh39IYm2sXFpkr+y5w= =KZJM -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
