oss-sec mailing list archives
CVE request: mantis < 1.1.2
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 21 Jul 2008 09:56:03 +0200
Hi!

New mantis 1.1.2 fixes multiple security issues:

http://www.mantisbt.org/bugs/changelog_page.php

- 0008974: [security] XSS Vulnerability in filters (thraxisp) - closed.
- 0008975: [security] CSRF Vulnerabilities in user_create (jreese) - closed.
- 0008976: [security] Remote Code Execution in adm_config (giallu) - closed.
- 0009154: [security] arbitrary file inclusion through user preferences page (giallu) - closed.

First 3 are described in the bugtraq post from ~2 months ago:

http://marc.info/?l=bugtraq&m=121130774617956&w=4

with issue B) / CSRF / 0008975 being known as CVE-2008-2276.

--
Tomas Hoger / Red Hat Security Response Team