Date: Mon, 20 Oct 2008 09:16:52 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: hoffie@...too.org, coley@...re.org Subject: Re: CVE request: mantisbt < 1.1.4: RCE On Sun, 19 Oct 2008 11:18:31 +0200 Christian Hoffmann <hoffie@...too.org> wrote: > has a CVE id been already assigned to the recent remote code execution > issue in mantis < 1.1.4? If not, please do so. > > References: > http://www.mantisbt.org/bugs/view.php?id=0009704 > http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679 > http://www.milw0rm.com/exploits/6768 > https://bugs.gentoo.org/show_bug.cgi?id=242722 There's actually at least one issue fixed in 1.1.3 that probably deserves a CVE: - 0009321: [security] Users can get title and status of issues that they don't have access to. (vboctor) - closed. http://www.mantisbt.org/bugs/view.php?id=9321 Additionally, Gentoo bug: http://bugs.gentoo.org/show_bug.cgi?id=241940 points out another fix in 1.1.3: - 0009664: [authentication] Logout without unsetting session cookie (jreese) - closed. http://www.mantisbt.org/bugs/view.php?id=9664 Which seems to be on the edge between security fix and security enhancement, not sure if this kind of fixes get CVE ids assigned. Thanks! -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.