42496035e4
REPLACE_BASH in installed file. Replace PHP interpreter in installed *.php files. Move options framework into options.mk. Use INSTALLATION_DIRS instead of INSTALL_DATA_DIR.

From doc/RELEASE:

1.2.17 Security Release (2014-03-04)
-------------------------------------------------

MantisBT 1.2.17 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3].

An SQL injection vulnerability (CVE-2014-2238) in adm_config_report.php was patched. Refer to issue #17055 for detailed information.

This release also includes a few bug fixes for the tracker, including News API correction for the regression issue #16940 introduced in 1.2.16, as well as updated translations in many languages.

A full changelog for the 1.2.x series can be found on the official site. [1]

1.2.16 Security Release (2014-02-07)
-------------------------------------------------

MantisBT 1.2.16 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3].

The following security issues were resolved:

- Cross-site scripting (XSS) issue in account_sponsor_page.php, allowing a malicious user with project manager access to execute arbitrary JavaScript code (CVE-2013-4460). Affects MantisBT 1.1.0 and later. Refer to issue #16513 for detailed information.
- SQL injection attacks through the SOAP API's mc_attachment_get() function (CVE-2014-1608). Affects MantisBT 1.1.0a4 and later. Refer to issue #16879 for detailed information.
- Additional cases of unsanitized SQL query parameters usage were identified, potentially allowing SQL injection attacks (CVE-2014-1609). Refer to issue #16880 for detailed information.

This release also includes many bug fixes and enhancements to the tracker and the SOAP api, as well as updated translations in many languages.

A full changelog for the 1.2.x series can be found on the official site. [1]

[1] The changelog is split between multiple releases:
    1.2.17 http://www.mantisbt.org/bugs/changelog_page.php?version_id=189
    1.2.16 http://www.mantisbt.org/bugs/changelog_page.php?version_id=183
5 lines
253 B
Text
$NetBSD: distinfo,v 1.17 2014/09/24 01:06:26 rodent Exp $

SHA1 (mantisbt-1.2.17.tar.gz) = 7cfa03ca674eb6727ed6d9c3f79266a12c0a669c
RMD160 (mantisbt-1.2.17.tar.gz) = 40a599a5be7868d13374d9b36bf8ce33ed55149e
Size (mantisbt-1.2.17.tar.gz) = 3958728 bytes