Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Jul 2008 09:56:03 +0200
From: Tomas Hoger <>
Subject: CVE request: mantis < 1.1.2


New mantis 1.1.2 fixes multiple security issues:

- 0008974: [security] XSS Vulnerability in filters (thraxisp) - closed.
- 0008975: [security] CSRF Vulnerabilities in user_create (jreese) - closed.
- 0008976: [security] Remote Code Execution in adm_config (giallu) -
- 0009154: [security] arbitrary file inclusion through user preferences
page (giallu) - closed.

First 3 are described in the bugtraq post from ~2months ago:

with issue B) / CSRF / 0008975 being known as CVE-2008-2276.

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.