On Sun, 2010-10-24 at 18:53 +0200, sils wrote: > Attached you will find the diff between mantis_1.1.6+dfsg-2lenny2 > (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny3 with the fix for > CVE-2010-3303. > > I did not uploaded any package until receive a confirmation or > guidelines from the release team about how to proceed.
Have you confirmed with the security team that they do not wish to resolve this via a DSA? I realise that the previous XSS issues were fixed via p-u, but http://security-tracker.debian.org/tracker/CVE-2010-3303 is not currently marked "no DSA". Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1287941787.27210.2313.ca...@hathi.jungle.funky-badger.org
