Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 26 Nov 2014 23:12:25 -0500 (EST)
From: cve-assign@...re.org
To: dregad@...tisbt.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: CAPTCHA bypass in MantisBT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
> https://www.mantisbt.org/bugs/view.php?id=17811

> Use session rather than form key for captcha

Use CVE-2014-9117.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUdqMOAAoJEKllVAevmvmszB4IAJoBUTi5IJUsPH65tiLEjH4k
6YR4uZ7FJNy6lhDa5r0IwD6CfWcksgyvj3oPdI1SBp8308H8WpT+QaXzaSQxVlEy
QOOf8AztSjIR+PHNJZmzEFxp5J3WVsKq53UbIa0u83WwhencGohGNwABujR28A/X
2ARnctHzt8+YEUyhLTcAsYqAzgusvozVuN4sGiIdBwXRMzO6y+bbtqhe+nplBSbs
LY0r8pfz1Zvlz2sRaq73ySBSGhWKtF2FRoirvbuEPkwg+VlUaFT//nnWm06IfOF9
3u5F2jpRsb95OX9U6+OlPYxqZyTsI7P4840ZAarDBMgwHc1BVGTfbfprjxDKSco=
=Tmxs
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.