Hi Olivier, Thank you for the response.
On Wed, 2010-12-15 at 09:13 +0100, Olivier Berger wrote: > AFAICT, Debian installations may not be vulnerable as the admin/ dir is > protected in principle by the Apache configuration of the package : This is good/recommended practice so this bug will probably not affect the Debian MantisBT package. I also heard the same news from Micah Gersten (Ubuntu MantisBT maintainer) regarding the disablement of the admin/ directory. > Maybe the security/severity should be downgraded ? Agreed. Regards, David
signature.asc
Description: This is a digitally signed message part
