Package: mantis
Version: 0.19.2-4
Severity: grave
Tags: security
Justification: user security hole

Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited
to perform arbitrary file inclusion. Please see 
http://secunia.com/secunia_research/2005-46/advisory/ for details.

Cheers,
          Moritz

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mantis depends on:
pn  apache | apache-ssl                      Not found.
ii  debconf                  1.4.30.13       Debian configuration management sy
ii  grep                     2.5.1.ds1-4     GNU grep, egrep and fgrep
ii  mysql-client-4.1 [mysql- 4.1.11a-4sarge2 mysql database client binaries
pn  php3 | php4                              Not found.
ii  php4-mysql               4:4.3.10-16     MySQL module for php4
pn  wwwconfig-common                         Not found.

