drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in mantis
Name: |
Mehrere Probleme in mantis |
|
ID: |
DSA-1467-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian sarge |
|
Datum: |
Sa, 19. Januar 2008, 13:52 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6611 |
|
Applikationen: |
Mantis Bug Tracker |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1467-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst January 19, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package : mantis Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2006-6574 CVE-2007-6611 Debian Bug : 402802 458377
Several remote vulnerabilities have been discovered in Mantis, a web based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-6574
Custom fields were not appropriately protected by per-item access control, allowing for sensitive data to be published.
CVE-2007-6611
Multiple cross site scripting issues allowed a remote attacker to insert malicious HTML or web script into Mantis web pages. The stable distribution (etch) is not affected by these problems.
For the old stable distribution (sarge), these problems have been fixed in version 0.19.2-5sarge5.
For the unstable distribution (sid), these problems have been fixed in version 1.0.8-4.
We recommend that you upgrade your mantis package.
Upgrade instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - --------------------------------
Source archives:
mantis_0.19.2-5sarge5.dsc Size/MD5 checksum: 874 176c95ad5f1142fcb9364540fd19eeea mantis_0.19.2.orig.tar.gz Size/MD5 checksum: 1298615 042c42c6de3bc536181391c1e9b25db3 mantis_0.19.2-5sarge5.diff.gz Size/MD5 checksum: 46292 b1c5f077e0046c5b33d77e99a2b4ffe5
Architecture independent packages:
mantis_0.19.2-5sarge5_all.deb Size/MD5 checksum: 898014 5708305cbd20cde4825b3adb7d72d3a1
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBR5Hs4mz0hbPcukPfAQKqVggAjAIIsz2BI6ol9YKV42xsmoflT9OcfHyY zjfPheB+HCRSELYFyV0hnWxIEBW/65KDE5O9wAjGCfmspbZgRgg9Fc7tw6U6I7AM zzMNp/M4PlK3PqCYMUrRyRqhW0zizXIiIKN4y6bFI0FcyVXw1BJDKdiSef1yZxUH FXUS7rRZwNZ/+tW+zQ5bvuMjnk2gJkOAxQvUZi7J4iHOJZMuoKrusv4BfW2wUFLK 57zSaIACPqTGHrRF8U0BHp0u+eP7uoarMpGFzYEG7UQ7mx3nIgbAF22k+k2xxFnr x+0TaqZaRoKt14KtQLos3U+TAc11rWvTUN2o/+bIfhL9b8GuTOHaNQ== =fvqR -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|