TITLE: Debian update for mantis SECUNIA ADVISORY ID: SA17654 VERIFY ADVISORY: http://secunia.com/advisories/17654/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.1 http://secunia.com/product/5307/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting and SQL injection attacks, and compromise a vulnerable system. For more information: SA16506 SA16818 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.1.dsc Size/MD5 checksum: 572 b7c83d901ff3cfa1c4cb54502e5519c7 http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.1.diff.gz Size/MD5 checksum: 36447 e364d9ebb64a2071c3188baabb027dbd http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz Size/MD5 checksum: 1298615 042c42c6de3bc536181391c1e9b25db3 Architecture independent components: http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.1_all.deb Size/MD5 checksum: 895006 4131ad481a77292789af31e00a7960e6 -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.19.3-0.1. ORIGINAL ADVISORY: http://www.debian.org/security/2005/dsa-905 OTHER REFERENCES: SA16506: http://secunia.com/advisories/16506/ SA16818: http://secunia.com/advisories/16818/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------