Date: Fri, 19 Aug 2011 15:40:23 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities

Please use CVE-2011-2938 for the multiple XSS issues.

Thanks.

--
JB

----- Original Message -----
> Original vulnerability report by Net.Edit0r (Net.Edit0r@....net) from
> BlACK Hat Group [http://black-hg.org] is available at:
> http://packetstormsecurity.org/files/104149
>
> MantisBT bug report for full details of the issue:
> http://www.mantisbt.org/bugs/view.php?id=13245
>
> Please note that the second SQL injection vulnerability identified by
> Net.Edit0r is not reproducible (refer to the MantisBT bug report above
> for reasons why).
>
> A patch for 1.2.6 is available at:
> https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b
>
> MantisBT 1.2.7 is currently being packaged and will be available shortly
> through usual channels for distributions and standalone users to pick up.
>
> Bug reports cross-posted elsewhere:
> Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=379739
> Fedora/Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=731777
> Debian: Submitted (queued)
> Ubuntu: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857
>
> Thanks,
>
> David Hicks
> MantisBT Developer
> mantisbt.org, #mantishelp on freenode