Date: Mon, 16 Feb 2015 09:59:13 -0000 From: "P Richards" <paul@...tisforge.org> To: <oss-security@...ts.openwall.com> Cc: <cve-assign@...re.org> Subject: RE: Re: CVE request: XSS in MantisBT As the initial discoverer of CVE-2014-8986, I can confirm that the commit in e326b73a does not fix the issue reported in CVE-2014-8986. The commit https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02c ef41bf40 does fix CVE-2014-8986. @mitre: The description @ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8986 is incorrect - "MantisBT 1.2.13 through 1.2.17". The issue described in CVE-2014-8986 was not fixed in either 1.2.18 or .1.2.19. How does one get the status of this issue updated? Thanks Paul -----Original Message----- From: Damien Regad [mailto:dregad@...tisbt.org] Sent: 16 February 2015 09:53 To: oss-security@...ts.openwall.com Subject: [oss-security] Re: CVE request: XSS in MantisBT P Richards <paul@...> writes: > > According to github > https://github.com/mantisbt/mantisbt/commit/cabacdc2 > the fix referenced for CVE-2014-8986 has never been tagged to a 1.2.x > release. It would help if you looked at the 1.2.x commit... http://github.com/mantisbt/mantisbt/commit/e326b73a $ git describe --contains e326b73a release-1.2.18~27
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ