Subject: CVE request: mantis < 1.1.2
Newsgroups: gmane.comp.security.oss.general
Date: 2008-07-21 07:56:03 GMT

Hi!

New mantis 1.1.2 fixes multiple security issues:
http://www.mantisbt.org/bugs/changelog_page.php

- 0008974: [security] XSS Vulnerability in filters (thraxisp) - closed.
- 0008975: [security] CSRF Vulnerabilities in user_create (jreese) - closed.
- 0008976: [security] Remote Code Execution in adm_config (giallu) - closed.
- 0009154: [security] arbitrary file inclusion through user preferences page (giallu) - closed.

First 3 are described in the bugtraq post from ~2 months ago:
http://marc.info/?l=bugtraq&m=121130774617956&w=4

with issue B) / CSRF / 0008975 being known as CVE-2008-2276.

--
Tomas Hoger / Red Hat Security Response Team