Comment 27 for bug 690482

Thanks Jan & Gianluca.

Debian (and by extension Ubuntu) use the same Apache configuration to help protect the /admin/ directory. As a result they have decided that the severity of the bug is not as high as first anticipated by upstream.

I guess it comes down to whether a typical user of this package will keep the /admin/ directory permissions in a locked down state.

This issue is more of a concern for Gentoo (and MantisBT users using the upstream package) where the /admin/ directory permissions are not in place.