[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities
Bug #185021 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mantis (Debian) |
Fix Released
|
Unknown
|
|||
mantis (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: mantis
References:
DSA-1467-1 (http://
Quoting:
"Several remote vulnerabilities have been discovered in Mantis, a web based
bug tracking system. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2006-6574
Custom fields were not appropriately protected by per-item access
control, allowing for sensitive data to be published.
CVE-2007-6611
Multiple cross site scripting issues allowed a remote attacker to
insert malicious HTML or web script into Mantis web pages."
Changed in mantis: | |
status: | Unknown → Fix Released |
Changed in mantis: | |
status: | New → Fix Released |
status: | New → Won't Fix |
Changed in mantis: | |
status: | New → Confirmed |
To post a comment you must log in.
For hardy fixed in mantis 1.0.8-4.