[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities
Bug #185021 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| mantis (Debian) |
Fix Released
|
Unknown
|
|||
| mantis (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
| Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
| Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: mantis
References:
DSA-1467-1 (http://
Quoting:
"Several remote vulnerabilities have been discovered in Mantis, a web based
bug tracking system. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2006-6574
Custom fields were not appropriately protected by per-item access
control, allowing for sensitive data to be published.
CVE-2007-6611
Multiple cross site scripting issues allowed a remote attacker to
insert malicious HTML or web script into Mantis web pages."
| Changed in mantis: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Michael Bienia (geser) wrote | #1 |
Revision history for this message
| William Grant (wgrant) wrote | #2 |
| Changed in mantis: | |
| status: | New → Fix Released |
| status: | New → Won't Fix |
| Changed in mantis: | |
| status: | New → Confirmed |
Revision history for this message
| Sergio Zanchetta (primes2h) wrote | #4 |
| Changed in mantis (Ubuntu Gutsy): | |
| status: | Confirmed → Won't Fix |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #5 |
| Changed in mantis (Ubuntu Dapper): | |
| status: | New → Won't Fix |
To post a comment you must log in.
For hardy fixed in mantis 1.0.8-4.