|
|
mantisbt/doc ChangeLog,1.821.2.6,1.821.2.6.2.1: msg#00036
|
Subject: |
mantisbt/doc ChangeLog,1.821.2.6,1.821.2.6.2.1 |
Update of /cvsroot/mantisbt/mantisbt/doc
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21667/doc
Modified Files:
Tag: BRANCH_0_19_3
ChangeLog
Log Message:
- Updated version to 0.19.4
- Updated ChangeLog.
Index: ChangeLog
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/doc/ChangeLog,v
retrieving revision 1.821.2.6
retrieving revision 1.821.2.6.2.1
diff -u -d -r1.821.2.6 -r1.821.2.6.2.1
--- ChangeLog 11 Oct 2005 12:06:33 -0000 1.821.2.6
+++ ChangeLog 13 Dec 2005 11:27:54 -0000 1.821.2.6.2.1
@@ -1,14 +1,28 @@
Mantis ChangeLog
+2005.12.13 - 0.19.4
+
+This is a maintenance release that mainly contains security fixes. All 0.19.x
are advised to upgrade
+to this version.
+
+- 0006419: [security] File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
+- 0006420: [security] Injection Vulnerabilities in Filters (TKADV2005-11-002)
(thraxisp)
+- 0006457: [security] SQL Injection in manage user page (TKADV2005-11-002)
(vboctor)
+- 0006460: [security] HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
+- 0006486: [security] Port XSS Vulnerability in filters (TKADV2005-11-002)
(thraxisp)
+
2005.10.11 - 0.19.3
-- 0005247: [security] Real email addresses are visible when using reminders
(vboctor)
-- 0005751: [security] Javascript XSS vulnerability (vboctor)
-- 0005959: [security] Cross Site Scripting Vulnerabilty in the
mantis/view_all_set.php Script (vboctor)
-- 0006097: [security] user ID is cached indefinately (vboctor)
-- 0006273: [security] File Inclusion Vulnerability (vboctor)
-- 0006275: [security] SQL injection (vboctor)
-- 0006330: [bugtracker] System warning in login_page.php when no new
installation
+This is a maintenance release that mainly contains security fixes. All 0.19.x
are advised to upgrade
+to this version.
+
+- 0006330: [bugtracker] System warning in login_page.php when no new
installation (vboctor)
+- 0006331: [security] Port #5247 to 0.19.3: Real email addresses are visible
when using reminders (vboctor)
+- 0006332: [security] Port #5751 to 0.19.3: Javascript XSS vulnerability
(vboctor)
+- 0006333: [security] Port #5959 to 0.19.3: Cross Site Scripting Vulnerabilty
in the mantis/view_all_set.php Script (vboctor)
+- 0006334: [security] Port #6097 to 0.19.3: user ID is cached indefinately
(vboctor)
+- 0006335: [security] Port #6273 to 0.19.3: File Inclusion Vulnerability
(vboctor)
+- 0006336: [security] Port #6275 to 0.19.3: SQL injection (vboctor)
2004.12.11 - 0.19.2
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
|
| |
