Package: mantis
Version: 1.2.10-1
Severity: important
Tags: security patch upstream fixed-upstream

Hi Sils,

The MantisBT project has just released MantisBT 1.2.11 which fixes 2
vulnerabilities as per the oss-secur...@lists.openwall.com notice at
[1].

These issues are repeated below for your information (to help you decide
whether they affect Debian's default MantisBT configuration):


CVE REQUEST #1

Title: Reporters can edit arbitrary bugnotes via SOAP API
Affected: MantisBT 1.2.10 and earlier versions
Not affected: MantisBT 1.2.11

Description:
Roland Becker and Damien Regad (MantisBT developers) found that any user
able to report issues via the SOAP interface could also modify any
bugnotes (comments) created by other users. In a default/typical
MantisBT installation, SOAP API is enabled and any user can sign up to
report new issues. This vulnerability therefore impacts upon many public
facing MantisBT installations.


CVE REQUEST #2

Title: delete_attachments_threshold not checked on attachment deletion
Affected: MantisBT 1.2.10 and earlier versions
Not affected: MantisBT 1.2.11

Description:
Roland Becker (MantisBT developer) found that the
delete_attachments_threshold permission was not being checked when a
user attempted to delete an attachment from an issue. The more generic
update_bug_threshold permission was being checked instead. MantisBT
administrators may have been under the false impression that their
configuration of the delete_attachments_threshold was successfully
preventing unwanted users from deleting attachments.
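The two notices above describe the same class of defect: an action gated by a generic or missing check instead of the specific one. The following Python model is added here for illustration and is not MantisBT code or any of the referenced patches. The access-level names and numeric values follow MantisBT's constants; the threshold defaults, the bugnote_allow_user_edit_delete handling and all function names are assumptions for the example. It puts the behaviour the notice describes beside the corrected check and reports which users the two versions disagree on, which is the kind of comparison an administrator can use to judge whether a given configuration was actually protecting anything.

```python
"""Model of the two MantisBT authorization checks from the oss-security notice.

Constructed example, not MantisBT's own code. Access-level constants use
MantisBT's names and values; CONFIG values and helper names are assumptions.
"""
from dataclasses import dataclass

# MantisBT access levels (numeric values match the project's constants).
VIEWER, REPORTER, UPDATER, DEVELOPER, MANAGER, ADMINISTRATOR = 10, 25, 40, 55, 70, 90

# Assumed configuration standing in for config_inc.php values.
CONFIG = {
    "update_bug_threshold": UPDATER,
    "delete_attachments_threshold": DEVELOPER,
    "update_bugnote_threshold": DEVELOPER,
    "bugnote_allow_user_edit_delete": True,  # assumption: authors may edit own notes
}


@dataclass(frozen=True)
class User:
    user_id: int
    access_level: int


@dataclass(frozen=True)
class Bugnote:
    bugnote_id: int
    reporter_id: int  # author of the note


def has_level(user, threshold_name):
    """Generic threshold check: does the user's level meet the configured value?"""
    return user.access_level >= CONFIG[threshold_name]


# Issue 1: editing bugnotes through the SOAP API.

def can_edit_bugnote_vulnerable(user, note):
    # Pattern the notice describes: only the ability to report on the project
    # is checked, and the note's author is never compared to the caller.
    return user.access_level >= REPORTER


def can_edit_bugnote_fixed(user, note):
    # Caller must hold the edit threshold, or be the note's author when
    # self-editing is permitted by configuration.
    if has_level(user, "update_bugnote_threshold"):
        return True
    return CONFIG["bugnote_allow_user_edit_delete"] and note.reporter_id == user.user_id


# Issue 2: deleting attachments.

def can_delete_attachment_vulnerable(user):
    # The generic update permission was consulted instead of the specific one.
    return has_level(user, "update_bug_threshold")


def can_delete_attachment_fixed(user):
    return has_level(user, "delete_attachments_threshold")


def audit(users, note):
    """Return {user_id: [check names]} where vulnerable and fixed logic disagree."""
    gaps = {}
    for u in users:
        diverging = []
        if can_edit_bugnote_vulnerable(u, note) != can_edit_bugnote_fixed(u, note):
            diverging.append("edit_bugnote")
        if can_delete_attachment_vulnerable(u) != can_delete_attachment_fixed(u):
            diverging.append("delete_attachment")
        if diverging:
            gaps[u.user_id] = diverging
    return gaps


if __name__ == "__main__":
    # Constructed sample data: one note written by user 100, four users.
    note = Bugnote(bugnote_id=1, reporter_id=100)
    users = [User(101, REPORTER), User(102, UPDATER),
             User(103, DEVELOPER), User(100, REPORTER)]
    for uid, checks in audit(users, note).items():
        print(f"user {uid}: vulnerable and fixed checks disagree on {checks}")
```

With the assumed defaults, a plain reporter who did not write the note passes the vulnerable bugnote check but not the fixed one, and an updater passes the vulnerable attachment-deletion check while falling short of the delete_attachments_threshold; the note's own author and a developer get the same answer from both versions.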


Patches for the first issue (SOAP bugnote editing): [4] and [5].
Patches for the second issue (attachment deletion): [6], [7] and [8].

The patches aren't the best in the world (my initial commits had a few
errors because I couldn't test SOAP API)... sorry.

Please advise if I can be of further assistance.

With thanks,
David Hicks
MantisBT Developer
#mantisbt irc.freenode.net
http://www.mantisbt.org/bugs/


[1] http://www.openwall.com/lists/oss-security/2012/06/09/1
[2] http://www.mantisbt.org/bugs/view.php?id=14340
[3] http://www.mantisbt.org/bugs/view.php?id=14016
[4] http://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e
[5] http://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0
[6] http://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c
[7] http://github.com/mantisbt/mantisbt/commit/628e93708fa7e35e751fd23863d207423a25c408
[8] http://github.com/mantisbt/mantisbt/commit/c9314184f541f0e3e3b91b3533104e50292c3e68
