Detailed summary in here: http://seclists.org/oss-sec/2012/q1/574
A list of CVE-identifiers below:

CVE-2012-1118 MantisBT 1.2.8 10124 array value for $g_private_bug_threshold configuration option allows bypass of access checks
CVE-2012-1119 MantisBT 1.2.8 13816 copy/clone bug report action failed to leave an audit trail
CVE-2012-1120 MantisBT 1.2.8 13656 elete_bug_threshold/bugnote_allow_user_edit_delete access check bypass via SOAP API
CVE-2012-1121 MantisBT 1.2.8 13561 managers of specific projects could update global category settings
CVE-2012-1122 MantisBT 1.2.8 13748 incorrect access checks performed when moving bugs between projects
CVE-2012-1123 MantisBT 1.2.8 13901 SOAP API null password authentication bypass

- Henri Salo