oss-sec mailing list archives
Re: CVE request: mantis before 1.2.12
From: Damien Regad <damien.regad () merckgroup com>
Date: Fri, 18 Jan 2013 13:20:49 +0000 (UTC)
<cve-assign@...> writes:
We didn't think this was about information disclosure. Our interpretation is that CVE-2012-5522 (aka bug 14496) is about which users are allowed to change the status of a bug:
A bit late to confirm, but anyway... The above analysis is absolutely correct. Damien Regad MantisBT developer
Current thread:
- Re: CVE request: mantis before 1.2.12 Damien Regad (Jan 18)