Package: mantis
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for mantis.

CVE-2008-4689[0]:
| Mantis before 1.1.3 does not unset the session cookie during logout,
| which makes it easier for remote attackers to hijack sessions.

CVE-2008-4688[1]:
| core/string_api.php in Mantis before 1.1.3 does not check the
| privileges of the viewer before composing a link with issue data in
| the source anchor, which allows remote attackers to discover an
| issue's title and status via a request with a modified issue number.

Patch for the first issue:
http://www.mantisbt.org/bugs/file_download.php?file_id=1988&type=bug
Looks like this does not cleanly apply but the version in 
Debian leaks the same logic.
Patch for the second issue:
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285&r2=5384&pathrev=5384&diff_format=h

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689
    http://security-tracker.debian.net/tracker/CVE-2008-4689
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688
    http://security-tracker.debian.net/tracker/CVE-2008-4688

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
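
The missing privilege check described for CVE-2008-4688 above, shown as an added example that is not part of the original mail and is not Mantis code. All function names, the `view.php?id=` URL shape and the sample issues and viewer are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample data: issue 7 belongs to a project the viewer cannot see.
$issues = [
    5 => ['summary' => 'Typo on login page', 'status' => 'resolved', 'project' => 1],
    7 => ['summary' => 'Private customer report', 'status' => 'assigned', 'project' => 2],
];
// Constructed viewer who only has access to project 1.
$viewer = ['name' => 'guest', 'projects' => [1]];

// Hypothetical access check standing in for the application's own privilege API.
function viewer_can_see(array $viewer, array $issue): bool
{
    return in_array($issue['project'], $viewer['projects'], true);
}

// Flawed pattern: issue data is copied into the anchor without asking who is looking,
// so any page that renders "#7" for this viewer discloses the title and status.
function issue_link_unchecked(array $issues, int $id): string
{
    if (!isset($issues[$id])) {
        return '#' . $id;
    }
    $title = sprintf('[%s] %s', $issues[$id]['status'], $issues[$id]['summary']);
    return sprintf(
        '<a href="view.php?id=%d" title="%s">#%d</a>',
        $id,
        htmlspecialchars($title, ENT_QUOTES),
        $id
    );
}

// Hardened pattern: check the viewer first. Missing and forbidden issues produce
// identical output, so the rendered text does not reveal which ids exist.
function issue_link_checked(array $issues, array $viewer, int $id): string
{
    if (!isset($issues[$id]) || !viewer_can_see($viewer, $issues[$id])) {
        return '#' . $id;
    }
    return issue_link_unchecked($issues, $id);
}

// Issue 5 is visible, 7 is forbidden, 99 does not exist.
foreach ([5, 7, 99] as $id) {
    echo 'unchecked: ', issue_link_unchecked($issues, $id), "\n";
    echo 'checked:   ', issue_link_checked($issues, $viewer, $id), "\n";
}
```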
