Launchpad has imported 6 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=731777.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2011-08-18T15:39:09+00:00 David wrote:

Original vulnerability report by Net.Edit0r ([email protected]) from BlACK Hat Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149

MantisBT bug report for full details of the issue:
http://www.mantisbt.org/bugs/view.php?id=13245

Please note that the second SQL injection vulnerability identified by Net.Edit0r is not reproducible (refer to the MantisBT bug report above for reasons why).

A patch for 1.2.6 is available at:
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b

MantisBT 1.2.7 is currently being packaged and will be available shortly through usual channels.

A CVE request and notice has been sent to oss- [email protected]

Reply at: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/1

------------------------------------------------------------------------
On 2011-08-18T19:54:37+00:00 Vincent wrote:

Thanks so much for the report, David!

Reply at: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/4

------------------------------------------------------------------------
On 2011-08-18T19:57:10+00:00 Vincent wrote:

Created mantis tracking bugs for this issue

Affects: fedora-all [bug 731854]
Affects: epel-5 [bug 731855]

Reply at: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/5

------------------------------------------------------------------------
On 2011-08-19T20:45:09+00:00 Vincent wrote:

This was assigned the name CVE-2011-2938.

Reply at: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/6

------------------------------------------------------------------------
On 2012-08-10T18:59:40+00:00 Vincent wrote:

Currently supported versions of Fedora have 1.2.8, which corrects this flaw. EPEL's 1.1.8 may still be affected.

Reply at: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/15

------------------------------------------------------------------------
On 2013-03-15T04:24:06+00:00 Vincent wrote:

EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned. As a result I'm closing this bug as this issue is fixed in Fedora. The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed.

Reply at: https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/16

** Changed in: mantis (Fedora)
       Status: Unknown => Fix Released

** Changed in: mantis (Fedora)
   Importance: Unknown => Medium

https://bugs.launchpad.net/bugs/828857

Title:
  MantisBT <1.2.7 search.php multiple XSS vulnerabilities
