oss-security December 2010 archive

[oss-security] CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability

From: David Hicks <hickseydr_at_nospam>
Date: Wed Dec 15 2010 - 02:54:17 GMT
To: oss-security@lists.openwall.com

This is a CVE request for a vulnerability discovered in MantisBT <1.2.4
by Gjoko Krstic of Zero Science Lab as per the following advisory:


MantisBT 1.2.4 has been released to resolve this issue.

For distributions or users using MantisBT 1.1.x, the following patch can
be applied:

Please note that MantisBT 1.1.x is not recommended for use due to many
security improvements and features implemented in MantisBT 1.2.x (but
not backported to 1.1.x).

Detailed information about this vulnerability can be found in this bug
report: http://www.mantisbt.org/bugs/view.php?id=12607


David Hicks
MantisBT Developer
mantisbt.org, #mantishelp freenode