oss-sec mailing list archives
Re: CVE request: mantis before 1.2.12
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 13 Nov 2012 20:24:32 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 13 Nov 2012 11:26:39 -0700 Kurt Seiifried <kseifried () redhat com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/13/2012 07:52 AM, Hanno Böck wrote:http://www.mantisbt.org/bugs/changelog_page.php?version_id=150 New mantis bugtracker release. Two fixes are security relevant (althouhg both sound minor)Just to confirm I understand these issues:
I'm not really into the development and only made the request based on the release changelog, but I think I agree for the second being an information disclosure, the first seems to be more general a "wrong permission"-issue, although the consequence is probably also "just" an information disclosure. - -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBCAAGBQJQoqyDAAoJEKWIAHK7tR5C3Q0P/R4Doqli1gTdwwcu2UCJUYdg yj3mDvg8aIDXcIYlF9eKsQgY5a4LpzPmlyWQg/5sF5HgNViQmqH9S8eDbpqRhpeb j38HxyjekZ1qFBpW3KT3LpSI2BJKbdIESJLn+VhsBEFoRly+/b9GO8UoebQIkhIF vvpap3kDSUSQJv0TLWZ3j82EcTyaOcn4JABOpIeAPvgyZK9tUPmcI/88XSnSZiHj FOx4QYNAEiD6ryPQlJLxZdfe4+7jFIB5qaTuPuafuAr6NDLw7CST8WgFKDkhRbYD yQJaMYvKKOpjA6pwID8cPeZL3FO9Ijukgt+gUFngiJy986z7CMGpaNFncg59YxBr 6c1ppUWYPPVIWRt2HFw3MLaqGydGtp9bc1s9Rb3TJgBc+6NYNYgIADN0V9uDL536 Of+3uVjtGIkEQwzrVq+EWPmfpoGF1e+t3cFyf+ISaCMabwQnqP2tCcBBpYa9MOFu sxuvCBa4Vk0HRqgkS15m6L7PntaEL/iJZ0OSBke5lljouX/t8WmtSWzL/2AMEJ8d CyDe1JQ7H8b6b2mY4hkuZYiTtrLe/GNusBXyWPQqzAYpRhzzMOGs1X830CJ1PSbJ RpeA6m/V4V+xvib0hadvrEO5p0Cp8ZWVIZgFZQ9+nCQ8hajSHzOzJoEM8dDWNGuo meG04rDUkMkU7Jch5F9v =qj8K -----END PGP SIGNATURE-----
Current thread:
- CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
- Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
- Re: CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
- Re: CVE request: mantis before 1.2.12 cve-assign (Nov 15)
- Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
- Re: CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
- Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)