subject:"Bug#669925\: mantis\: CVE\-2012\-1120 \(split of CVEs in #662858 for better tracking\)"

Bug#669925: mantis: CVE-2012-1120 (split of CVEs in #662858 for better tracking)

2012-04-21 Thread midget

Package: mantis Version: 1.1.8+dfsg-10squeeze1 Severity: grave Tags: squeeze security Justification: user security hole This is a split of Debian Bug report #662858 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Bug#669925: mantis: CVE-2012-1120 (split of CVEs in #662858 for better tracking)

2012-04-21 Thread Dario Minnucci

tags 669925 +patch thanks Hi, Attached you'll find a possible patch for CVE-2012-1120. Description: Fix for CVE-2012-1120: Delete_bug_threshold/bugnote_allow_user_edit_delete access check bypass Bug-Mantis: http://www.mantisbt.org/bugs/view.php?id=13656 Bug-Debian: