Author: geissert Date: 2010-09-05 23:36:41 +0000 (Sun, 05 Sep 2010) New Revision: 15272 Modified: data/CVE/list data/embedded-code-copies Log: mantis updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-05 21:34:49 UTC (rev 15271) +++ data/CVE/list 2010-09-05 23:36:41 UTC (rev 15272) @@ -994,8 +994,11 @@ RESERVED {DSA-2094-1} - linux-2.6 2.6.32-22 -CVE-2010-2802 +CVE-2010-2802 [mantis attachment XSS] RESERVED + - mantis <not-affected> (vulnerable code introduced in 1.2.x) + TODO: confirm 1.1.x is not affected + NOTE: http://www.mantisbt.org/bugs/view.php?id=11952 CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...) {DSA-2087-1} - cabextract 1.3-1 (bug #591552) Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2010-09-05 21:34:49 UTC (rev 15271) +++ data/embedded-code-copies 2010-09-05 23:36:41 UTC (rev 15272) @@ -1063,8 +1063,7 @@ - gallery2 <unfixed> (embed) - typo3-src <unfixed> (embed) - phpgacl 3.3.7-7 (embed) - - mantis <unfixed> (embed) - TODO: already depends on nusoap, so may be using system lib; check + - mantis 1.1.8+dfsg-1 (embed) libept - adept <unfixed> (embed; bug #540649)