Thijs Kinkhorst wrote:
> > Another security problem has been found in mantis. Insufficient
> > input sanitising of the t_core_path parameter may be exploited to perform
> > arbitrary file inclusion. Please see
> > http://secunia.com/secunia_research/2005-46/advisory/ for details.
> 
> Hello Moritz,
> 
> Thank you for your report. I've prepared an NMU for all the recent
> security problems in Mantis which is now awaiting review by my sponsor.

I assume you've prepared packages of 0.19.3?
This would address the SQL injection issue and the other XSS in view_all_set
as well, which are both not yet in the BTS.

The latest issues have been assigned CVE-2005-333[6789], BTW.

Cheers,
        Moritz

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
