[Secure-testing-team] Bug#698481: mantis: multiple XSS vulnerabilities

Salvatore Bonaccorso carnil at debian.org
Sat Jan 19 06:55:31 UTC 2013


Package: mantis
Severity: grave
Tags: security
Justification: user security hole

Hi

Some vulnerabilities in mantis were reported:

 [1]: http://www.mantisbt.org/bugs/view.php?id=15373 (CVE-2013-0197)
      http://marc.info/?l=oss-security&m=135853951928065&w=2
 [2]: http://www.mantisbt.org/bugs/view.php?id=15384 (CVE requested)
      http://marc.info/?l=oss-security&m=135855157632710&w=2
 [3]: http://www.mantisbt.org/bugs/view.php?id=15258 (CVE requested)
      http://marc.info/?l=oss-security&m=135855599401856&w=2

Please include the CVE identifiers.

For [2] it is mentioned that it was only introduced in 1.2.12 and
other versions should not be vulnerable, but I have listed it here too to
check.

Patches for all should be in the bugtracker.

Regards,
Salvatore



