I'm posting this as a drive-by because I just noticed this:

https://mantisbt.org/bugs/changelog_page.php?version_id=370

2.25.8
Released 2023-10-14

Security and maintenance release addressing an information disclosure issue (CVE-2023-44394) and a security issue in bundled GuzzleHttp library (CVE-2023-29197). This release also resolves several PHP 8.x compatibility and REST API issues.

All installations are strongly advised to upgrade as soon as possible.
^Triage: reporter is committer, assign accordingly.
Created attachment 247482 [details]
update patch to 2.26.0

Update databases/mantis to version 2.26.0.

CHECK/QA:
- update: from 2.25.6 (postgres+php81) to 2.26.0 (postgres+php82): core functions seem OK, no changes seen in user flows
- new install: core functions work well
- poudriere: OK (13.2R; with/without my,pg,plugins in all combinations)
- portlint: no new WARNs/ERRs

VuXML entry in a separate PR: #276146
(In reply to Zoltan ALEXANDERSON BESSE from comment #2) I have updated my host using your patch. Thank you.
Created attachment 247487 [details]
this patch applies
(In reply to Zoltan ALEXANDERSON BESSE from comment #2) I lied. The original patch fails for me on hunk 1. I don't know why. My own patch, attached, seems to apply fine.
My version fell prey to auto tab<>space conversion on its way there, yours is more accurate. Thanks for the clarification.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3cf4de18e8b4bc8dfbdbfbde68ad9709b64cdd21

commit 3cf4de18e8b4bc8dfbdbfbde68ad9709b64cdd21
Author:     Dan Langille <dvl@FreeBSD.org>
AuthorDate: 2024-01-06 16:55:29 +0000
Commit:     Dan Langille <dvl@FreeBSD.org>
CommitDate: 2024-01-06 16:55:29 +0000

    databases/mantis: Update to 2.26.0

    re: https://mantisbt.org/bugs/changelog_page.php?version_id=360
    https://mantisbt.org/bugs/changelog_page.php?version_id=370

    Fixes two CVEs

    PR: 276022
    Security: CVE-2023-29197 CVE-2023-44394

 databases/mantis/Makefile | 2 +-
 databases/mantis/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Thank you.
A commit in branch 2024Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b96e2310d5eac17703578547ca0e5208db63e114

commit b96e2310d5eac17703578547ca0e5208db63e114
Author:     Dan Langille <dvl@FreeBSD.org>
AuthorDate: 2024-01-06 16:55:29 +0000
Commit:     Dan Langille <dvl@FreeBSD.org>
CommitDate: 2024-01-06 17:32:16 +0000

    databases/mantis: Update to 2.26.0

    re: https://mantisbt.org/bugs/changelog_page.php?version_id=360
    https://mantisbt.org/bugs/changelog_page.php?version_id=370

    Fixes two CVEs

    PR: 276022
    Security: CVE-2023-29197 CVE-2023-44394

    (cherry picked from commit 3cf4de18e8b4bc8dfbdbfbde68ad9709b64cdd21)

 databases/mantis/Makefile | 2 +-
 databases/mantis/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)