Date: Mon, 16 Feb 2015 09:59:13 -0000 From: "P Richards" <paul@...tisforge.org> To: <oss-security@...ts.openwall.com> Cc: <cve-assign@...re.org> Subject: RE: Re: CVE request: XSS in MantisBT As the initial discoverer of CVE-2014-8986, I can confirm that the commit in e326b73a does not fix the issue reported in CVE-2014-8986. The commit https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02c ef41bf40 does fix CVE-2014-8986. @mitre: The description @ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8986 is incorrect - "MantisBT 1.2.13 through 1.2.17". The issue described in CVE-2014-8986 was not fixed in either 1.2.18 or .1.2.19. How does one get the status of this issue updated? Thanks Paul -----Original Message----- From: Damien Regad [mailto:dregad@...tisbt.org] Sent: 16 February 2015 09:53 To: oss-security@...ts.openwall.com Subject: [oss-security] Re: CVE request: XSS in MantisBT P Richards <paul@...> writes: > > According to github > https://github.com/mantisbt/mantisbt/commit/cabacdc2 > the fix referenced for CVE-2014-8986 has never been tagged to a 1.2.x > release. It would help if you looked at the 1.2.x commit... http://github.com/mantisbt/mantisbt/commit/e326b73a $ git describe --contains e326b73a release-1.2.18~27
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.