Security status of mantis

Hi,
I picked up the mantis rpm package maintenance for Fedora
Core, so
that now both FC-5 and FC-6 have the latest version
available for
download (1.0.5).

Though, I have still some open bugs to check, and those are
related to
security problems reported in the past. In particular I
would like
your help to determine if 1.0.5 and 0.19.5 are still
affected by those
listed in:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
169220
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
191089

I would really appreciate any help, adding comments here or
in the bug
reports themselves.

Regards

Gianluca

------------------------------------------------------------
-------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Mantisbt-dev mailing list
Mantisbt-devlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mantisbt-d
ev

Hi Gianluca,

Thanks for working on this.  Please send me your
bugs.mantisbugtracker.com user name and I will provide you
access to
see the security issues that are marked as private.  This
will allow
you to know the latest relating to security fixes.

> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
169220

I have checked this and all the issues referenced via links
seem to be
resolved.  We are now following an approach where we mark
the security
fixes as public shortly after the official releases.  To
visit the
issues you will need to visit the URLs in the link but
replace
mantisbt.org with mantisbugtracker.com.

> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
191089

The debian page is not really specific, once I grant you
access you
can go through the fixed issues in details and check if we
have
applied the fixes.  If this didn't work out, then you can
compare the
debian release with our official release and check that the
fixes are
in our latest stable releases or the latest one used by
Fedora.

Regards,
Victor

On 10/18/06, Gianluca Sforna <giallugmail.com> wrote:
> Hi,
> I picked up the mantis rpm package maintenance for
Fedora Core, so
> that now both FC-5 and FC-6 have the latest version
available for
> download (1.0.5).
>
> Though, I have still some open bugs to check, and those
are related to
> security problems reported in the past. In particular I
would like
> your help to determine if 1.0.5 and 0.19.5 are still
affected by those
> listed in:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
169220
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
191089
>
> I would really appreciate any help, adding comments
here or in the bug
> reports themselves.
>
> Regards
>
> Gianluca
>
>
------------------------------------------------------------
-------------
> Using Tomcat but need to do more? Need to support web
services, security?
> Get stuff done quickly with pre-integrated technology
to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based
on Apache Geronimo
> http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Mantisbt-dev mailing list
> Mantisbt-devlists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mantisbt-d
ev
>

------------------------------------------------------------
-------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Mantisbt-dev mailing list
Mantisbt-devlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mantisbt-d
ev