Date: Sun, 9 Aug 2009 13:01:55 -0400 From: "Michael S. Gilbert" <michael.s.gilbert@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request: mantis Hello, Debian recently updated mantis. The description is: It was discovered that the Debian Mantis package, a web based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database. References: http://www.debian.org/security/2009/dsa-1856 http://bugs.debian.org/425010 Can we get a CVE id for this? Thanks! Mike
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.