Path to this page:
./
devel/mantis,
PHP/MySQL/web based bugtracking system
Branch: pkgsrc-2008Q3,
Version: 1.1.4,
Package name: mantis-1.1.4,
Maintainer: adrianpMantis is a web-based bugtracking system. It is written in the PHP scripting
language and requires the MySQL database and a webserver. Mantis has been
installed on Windows, MacOS, OS/2, and a variety of Unix operating systems.
Almost any web browser should be able to function as a client. It is released
under the terms of the GNU General Public License (GPL).
Mantis is free to use and modify. It is free to redistribute as long as you
abide by the distribution terms of the GPL.
Required to run:[
databases/mysql5-client] [
databases/php-mysql] [
www/ap-php]
Required to build:[
lang/perl5] [
www/apache22]
Master sites: (Expand)
SHA1: 7e64529508d3e35b98ae49c12b808998e669ef76
RMD160: e67d3aa48e65498b7a75909a5976f21db9554d75
Filesize: 2524.14 KB
Version history: (Expand)
- (2008-11-04) Updated to version: mantis-1.1.4
- (2008-10-06) Package added to pkgsrc.se, version mantis-1.1.2 (created)
CVS history: (Expand)
2008-11-04 12:43:24 by Matthias Scheler | Files touched by this commit (2) | |
Log message:
Pullup ticket #2569 - requested by adrianp
mantis: security update
Revisions pulled up:
- devel/mantis/Makefile 1.33
- devel/mantis/distinfo 1.13
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Nov 2 17:25:18 UTC 2008
Modified Files:
pkgsrc/devel/mantis: Makefile distinfo
Log message:
Update to 1.1.4
2008.10.18 - 1.1.4
===================================
We had to withdraw 1.1.3 because of a serious flaw affecting the
bug_report* pages. This new release fixes that problem and a newly
discovered security issue.
- 0009704: [security] Remote Code Execution in manage_proj_page.php
(giallu) - resolved.
- 0009691: [bugtracker] Failed to report issue.(Always APPLICATION ERROR
#2800) (jreese) - resolved.
- 0009690: [other] Wrong parameter count for session_set_cookie_params()
(jreese) - resolved.
- 0009693: [webpage] Generated HTML contains multiple hostnames when
proxied (jreese) - resolved.
2008.10.09 - 1.1.3
===================================
In this release we fixed a couple of nasty bugs sneaked into 1.1.2,
where sending bugnotes email notifications would fail and browser
caching was not functional.
We also refined the implementation of form security tokens and closed a
couple of security issues, an information disclosure (with no CVE) and a
session hijacking (CVE-2008-3102).
- 0009321: [security] Users can get title and status of issues that they
don't have access to. (vboctor) - resolved.
- 0009533: [security] Mantis should use secure sessions on https
connections (jreese) - resolved.
- 0009286: [administration] stray "2" in manage_user_prune.php (vboctor)
- resolved.
- 0009664: [authentication] Logout without unsetting session cookie
(jreese) - resolved.
- 0009323: [bugtracker] Browser caching broken since 1.1.2 (jreese) -
resolved.
- 0009470: [bugtracker] Tags filter not filling into text field when
selecting from list using Internet Explorer (jreese) - resolved.
- 0009493: [custom fields] Removing custom fields from project causes
application error 2800 (giallu) - resolved.
- 0009309: [email] Problems with e-mail notifications about bugnotes
[PATCH] (giallu) - resolved.
- 0004678: [filters] Filter combos don't fill up on if switched to 'All
Projects' - closed.
- 0009430: [graphs] bug_graph_bystatus shows heading by_category
(thraxisp) - resolved.
- 0009431: [localization] no localization for usage of open, resolved,
closed in bug_graph_bystatus.php (thraxisp) - resolved.
- 0008882: [other] Gravatar causes annoying security popups on IE when
using Mantis over HTTPS/SSL (jreese) - resolved.
- 0009361: [other] php session fail created cause mantis app error.
(jreese) - resolved.
- 0009560: [other] Wrong behaviour in Session API (session_save_path
error message) (jreese) - resolved.
- 0009672: [other] Fixing form error by going back fails because of
security token (jreese) - resolved.
- 0009343: [scripting] form security token prevents changing
relationship while resolving bug (jreese) - resolved.
|