Package: mantis
Version: 1.2.4-3
Severity: critical
Tags: security patch upstream fixed-upstream

Original vulnerability report by Net.Edit0r (net.edi...@att.net) from BlACK Hat Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149

MantisBT bug report for full details of the issue:
http://www.mantisbt.org/bugs/view.php?id=13245

Please note that the second SQL injection vulnerability identified by Net.Edit0r is not reproducible (refer to the MantisBT bug report above for reasons why).

A patch for 1.2.6 is available at:
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b
(Note: should backport fairly easily to 1.2.4 as well)

A CVE request and notice has been sent to oss-secur...@lists.openwall.com