Package: mantis
Severity: grave
Tags: security
Version: 1.1.6+dfsg-2
There's a security issue in the mantis version in lenny, at least,
which allows registered users to run commands on the server.
Details here:
http://secunia.com/advisories/32314/
Patch here:
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679
Steve
--
Stop blog&forum spam
http://blogspam.net/
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
