Date: Mon, 21 Jul 2008 09:56:03 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: CVE request: mantis < 1.1.2 Hi! New mantis 1.1.2 fixes multiple security issues: http://www.mantisbt.org/bugs/changelog_page.php - 0008974: [security] XSS Vulnerability in filters (thraxisp) - closed. - 0008975: [security] CSRF Vulnerabilities in user_create (jreese) - closed. - 0008976: [security] Remote Code Execution in adm_config (giallu) - closed. - 0009154: [security] arbitrary file inclusion through user preferences page (giallu) - closed. First 3 are described in the bugtraq post from ~2months ago: http://marc.info/?l=bugtraq&m=121130774617956&w=4 with issue B) / CSRF / 0008975 being known as CVE-2008-2276. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.