Date: Mon, 16 Feb 2015 09:59:13 -0000
From: "P Richards" <>
To: <>
Cc: <>
Subject: RE: Re: CVE request: XSS in MantisBT

As the initial discoverer of CVE-2014-8986, I can confirm that the commit in
e326b73a does not fix the issue reported in CVE-2014-8986.

The commit ef41bf40 does fix CVE-2014-8986.

@mitre: The description @ is incorrect -
"MantisBT 1.2.13 through 1.2.17". The issue described in CVE-2014-8986 was
not fixed in either 1.2.18 or 1.2.19. How does one get the status of this
issue updated?


-----Original Message-----
From: Damien Regad [] 
Sent: 16 February 2015 09:53
Subject: [oss-security] Re: CVE request: XSS in MantisBT

P Richards <paul@...> writes:

> According to github
> the fix referenced for CVE-2014-8986 has never been tagged to a 1.2.x 
> release.

It would help if you looked at the 1.2.x commit...

$ git describe --contains e326b73a
