Thijs Kinkhorst wrote:
On Thu, 2005-10-27 at 15:49 +0200, Moritz Muehlenhoff wrote:
All affect Sarge.
I've prepared updated packages for sarge. My updated package for sid is
still pending with my sponsor Luk Claes. The updated packages for sarge
are available here:
Thijs Kinkhorst wrote:
All affect Sarge.
I've prepared updated packages for sarge. My updated package for sid is
still pending with my sponsor Luk Claes. The updated packages for sarge
are available here:
http://www.a-eskwadraat.nl/~kink/mantis_sec/
They are not signed since I'm not a
On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote:
The included patches look fine and correlate to what I extracted from the
interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959?
The mantis bug is non-public, but according to the description it's
a cross-site-scripting
Thijs Kinkhorst wrote:
On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote:
The included patches look fine and correlate to what I extracted from the
interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959?
The mantis bug is non-public, but according to the description
On Mon, 2005-10-31 at 17:22 +0100, Moritz Muehlenhoff wrote:
It's hard to tell whether it's the same issue, as #5959 is non-public, but at
least there are two different CVE mappings. (CVE-2005-2557 and CVE-2005-3337).
But it might very well be that the CVE description is wrong, as all these
Hello All,
On Thu, 2005-10-27 at 15:49 +0200, Moritz Muehlenhoff wrote:
All affect Sarge.
I've prepared updated packages for sarge. My updated package for sid is
still pending with my sponsor Luk Claes. The updated packages for sarge
are available here:
On Wed, October 26, 2005 23:30, Moritz Muehlenhoff wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/ for
Thijs Kinkhorst wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/ for details.
Hello Moritz,
Thank
On Thu, October 27, 2005 11:26, Moritz Muehlenhoff wrote:
I assume you've prepared packages of 0.19.3?
This would address the SQL injection issue and the other XSS in
view_all_set as well, which are both not yet in the BTS.
Yes, I have.
Thijs
Moritz Muehlenhoff wrote:
Thijs Kinkhorst wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/ for
On Thu, October 27, 2005 14:56, Martin Schulze wrote:
I assume you've prepared packages of 0.19.3?
This would address the SQL injection issue and the other XSS in
view_all_set as well, which are both not yet in the BTS.
The latest issues have been assigned CVE-2005-333[6789], BTW.
Do you
Martin Schulze wrote:
Thijs Kinkhorst wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/
Package: mantis
Version: 0.19.2-4
Severity: grave
Tags: security
Justification: user security hole
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited
to perform arbitrary file inclusion. Please see