oss-sec mailing list archives

CVE request: mantis < 1.1.2


From: Tomas Hoger <thoger () redhat com>
Date: Mon, 21 Jul 2008 09:56:03 +0200

Hi!

New mantis 1.1.2 fixes multiple security issues:

  http://www.mantisbt.org/bugs/changelog_page.php

- 0008974: [security] XSS Vulnerability in filters (thraxisp) - closed.
- 0008975: [security] CSRF Vulnerabilities in user_create (jreese) - closed.
- 0008976: [security] Remote Code Execution in adm_config (giallu) - closed.
- 0009154: [security] arbitrary file inclusion through user preferences page (giallu) - closed.

First 3 are described in the bugtraq post from ~2 months ago:

  http://marc.info/?l=bugtraq&m=121130774617956&w=4

with issue B) / CSRF / 0008975 being known as CVE-2008-2276.

-- 
Tomas Hoger / Red Hat Security Response Team

