On Wed, October 26, 2005 23:30, Moritz Muehlenhoff wrote: > Another security problem has been found in mantis. Insufficient > input sanitising of the t_core_path parameter may be exploited to perform > arbitrary file inclusion. Please see > http://secunia.com/secunia_research/2005-46/advisory/ for details.
Hello Moritz, Thank you for your report. I've prepared an NMU for all the recent security problems in Mantis which is now awaiting review by my sponsor. Thijs
