* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)
-- Andrew Starr-Bochicchio <email address hidden> Thu, 11 Dec 2008 16:02:23 -0500
This bug was fixed in the package mantis - 1.1.2+dfsg- 8ubuntu0. 1
--------------- dfsg-8ubuntu0. 1) intrepid-security; urgency=low
mantis (1.1.2+
* Backport security fixes from Debian. (LP: #291531)
- CVE-2008-4689: Mantis does not unset the session cookie
during the logout.
- CVE-2008-4688: Mantis does not check the privileges of the
viewer before composing a link with issue data in the source
anchor.
* Backport patch from Debian which fixes user registration (was
broken by the patches for CVE-2008-4689)
-- Andrew Starr-Bochicchio <email address hidden> Thu, 11 Dec 2008 16:02:23 -0500