[SECURITY] [DLA 512-1] mantis security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 512-1] mantis security update
From: Chris Lamb <lamby@debian.org>
Date: Sun, 12 Jun 2016 11:55:02 +0100
Message-id: <[🔎] 1465728902.3098184.635170825.5AAF169D@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mantis
Version        : 1.2.18-1+deb7u1
CVE ID         : CVE-2016-5364

It was discovered that there was an XSS vulnerability in custom
field management in mantis, a web-based bug tracking system.

For Debian 7 "Wheezy", this issue has been fixed in mantis version
1.2.18-1+deb7u1.

We recommend that you upgrade your mantis packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXXT9hAAoJEB6VPifUMR5Yz9AP/AwewPUlyFKl5r7KryZncfMN
GqQFaZwAx/o7OeiuQ46i6/5OdA7jECuaSvnqy628+glX5OEuxhxj634M8A+zaVwb
lgy0LlctuRbx2cnxcdXORYGMENcgR73yD9D5g6csf9oWwAaeaR4qAqZGohSJxGd2
kYyqgTyVi2dodEuE0SmL/5H8THxqRK7iBF+intbwcPEhzwkiiCgoctuF9w16vszl
fsl8CI/Aob/D70Ls8e2NY3Hy8dYxd9Hqb+bwaVHTdIBd3amI2kRzwrwCs9zC78Fn
5xNvz2ivZMyZsrhCc17E6dS1VWHUZXlzWjXYlHvqGZZD1lMOaBsLyZ8amLd7coQg
+b2nw2aAONv8PKWp9PwLOs1dSauxh7FWntSPUjDUywdb3ALwKLjetsOVgvcDx78V
GcvE3gw18wqqfjYGrqsoTmXrwFJox8UJkpUK/0U4NXoJyH4mKfIzM6HLrjXGMcie
1dkAgrgHBZBUNqL2TOgXE3v8gNkYDaYFvYxZn8g43FAmdDjHAm6Zo7DQA/ENl3AY
9m7/7Yydl0trETWtsANAAR/sZbN22EfoSgNPTK0oTKMKRaHtgzMSLQO5ycvFWJfD
OiwI7JhLYRu9S6bZ+0ojkz9s/PLE0rrAg+iktsp7XZSJF2kKJOHLhHnBx4cVmkAU
UjdGTu8gUKtinctsAmuP
=iFPX
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 511-1] libtorrent-rasterbar security update
Next by Date: [SECURITY] [DLA 513-1] nspr security update
Previous by thread: [SECURITY] [DLA 511-1] libtorrent-rasterbar security update
Next by thread: [SECURITY] [DLA 513-1] nspr security update
Index(es):
- Date
- Thread