CVE request: mantis

["Michael S. Gilbert" <michael.s.gilbert () gmail com>]

Hello,

Debian recently updated mantis.  The description is:

  It was discovered that the Debian Mantis package, a web based bug
  tracking system, installed the database credentials in a file with
  world-readable permissions onto the local filesystem. This allows
  local users to acquire the credentials used to control the Mantis
  database.

  References:
  http://www.debian.org/security/2009/dsa-1856
  http://bugs.debian.org/425010

Can we get a CVE id for this? Thanks!

Mike