Package: mantis
Severity: grave
Tags: security
Justification: user security hole

Lots of vulnerabilities have yet again been found in Mantis:

CVE-2005-4524:
 Notes on private bugs may be leaked.

CVE-2005-4523:
 Private bugs may be leaked through RSS feeds.

CVE-2005-4522:
 XSS in view_filters_page.php.

CVE-2005-4521:
 Two CRLF injection vulnerabilities.

CVE-2005-4520:
 Unspecified "port injection".

CVE-2005-4519:
 Multiple SQL injection vulnerabilities.

CVE-2005-4518:
 Bypass of file upload restrictions.

CVE-2005-4238:
 XSS in view_filters_page.php.

See here for more information:
http://www.trapkit.de/advisories/TKADV2005-11-002.txt
http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963
http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963

[Hilko, in another bug you said you're no longer interested in this
piece of code. If this is still true, please orphan it]

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

