Package: mantis Version: 1.0.6+dfsg-2 Severity: important Tags: security A security issue has been reported in Mantis, which can be exploited by malicious people to disclose sensitive information.
The security issue is caused due to an unspecified error in the handling of custom fields, that are only visible for a project manager. This can be exploited to disclose the contents of custom fields via the history. The vulnerability is reported in versions prior to 1.1.0a2. http://secunia.com/advisories/23258/ -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-486 Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
