From dan at langille.org  Sat Apr  1 04:06:05 2006
From: dan at langille.org (Dan Langille)
Date: Sat Apr  1 04:06:11 2006
Subject: mantis problems fixed
Message-ID: <442DB5D7.30037.301FFEF@dan.langille.org>

Hi folks,

I've been finding out that a couple of mantis-related problems 
have been fixed:

http://www.freebsd.org/ports/portaudit/82a41084-6ce7-11da-b90c-
000e0c2e438a.html

has been fixed here:

http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/bug_sponsorshi
p_list_view_inc.php?rev=1.13&view=log
Fixed #6273: File Inclusion Vulnerability


And:  http://www.FreeBSD.org/ports/portaudit/6e3b12e2-6ce3-11da-b90c-
000e0c2e438a.html

is here: 
http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/core/filter_ap
i.php?rev=1.138&view=log

fix for 0006436: code injection
  - fixed 1 possible code injection and 2 XSS injections

Could someone update the vuxml db please?  I'd like to 
put mantis back into the tree.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php


From dan at langille.org  Sat Apr  1 12:20:33 2006
From: dan at langille.org (Dan Langille)
Date: Sat Apr  1 12:20:39 2006
Subject: mantis problems fixed
In-Reply-To: <442DB5D7.30037.301FFEF@dan.langille.org>
Message-ID: <442E29B8.11496.4C6A495@dan.langille.org>

On 31 Mar 2006 at 23:05, Dan Langille wrote:

> Hi folks,
> 
> I've been finding out that a couple of mantis-related problems 
> have been fixed:
> 
> http://www.freebsd.org/ports/portaudit/82a41084-6ce7-11da-b90c-
> 000e0c2e438a.html
> 
> has been fixed here:
> 
> http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/bug_sponsorshi
> p_list_view_inc.php?rev=1.13&view=log
> Fixed #6273: File Inclusion Vulnerability
> 
> 
> And:  http://www.FreeBSD.org/ports/portaudit/6e3b12e2-6ce3-11da-b90c-
> 000e0c2e438a.html
> 
> is here: 
> http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/core/filter_ap
> i.php?rev=1.138&view=log
> 
> fix for 0006436: code injection
>   - fixed 1 possible code injection and 2 XSS injections
> 
> Could someone update the vuxml db please?  I'd like to 
> put mantis back into the tree.

This just came to hand:

http://www.frsirt.com/english/advisories/2006/1184

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php