mantis (1.2.8-1) unstable; urgency=medium

  * Urgency medium: fixed serious bug (policy violations)
    + debian/mantis.config:
      Allow setting an empty password in debconf config to prevent errors in
      unattended installations (--frontend:Noninteractive --priority=critical)
      (Closes: #640589)
  * New Security Upstream Release (1.2.8)
  * debian/README.Debian:
    + Added info about setting up custom variables.
  * debian/patches:
    + dropped: Fixed in new upstream version (1.2.8)
      Multiple vulnerabilities (LFI/XSS/Projax/PHPSELF)
        000-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
        000-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff
        000-Fix-640297-LFI-XSS-injection-via-PHPSELF.diff
        000-Fix-640297-Projax-XSS-injection.diff
  * debian/copyright: updated
  * debian/mantis.lintian-overrides: added

mantis (1.2.7-1) unstable; urgency=high

  * Security Upstream Release (1.2.7)
  * Urgency high: Fixes critical LFI/XSS vulnerabilities
  * debian/NEWS: updated
  * debian/README.Debian: updated
  * debian/doc/README.LDAP: updated
  * debian/po debconf translations:
    + Added Swedish translation, thanks to
      Martin Bagge (Closes: #640061)
    + Fixed Language Field: sv
  * debian/patches:
    + dropped:
        000-fix-security-bug-bts-638321-filterapi-multiple-XSS.diff
      Bug fixed in new upstream release.
    + updated:
        000-cleanup-gitignore-file-from-orignal-tarball.diff
    + added: Multiple vulnerabilities (LFI/XSS/Projax/PHPSELF)
      Thanks to David Hicks, MantisBT developer. (Closes: #640297)
        000-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff
        000-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff
        000-Fix-640297-LFI-XSS-injection-via-PHPSELF.diff
        000-Fix-640297-Projax-XSS-injection.diff

 -- Jamie Strandboge <email address hidden> Mon, 12 Sep 2011 18:01:23 +0000