Launchpad has imported 1 comment from the remote bug at http://bugs.gentoo.org/show_bug.cgi?id=379739.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2011-08-18T15:34:15+00:00 David Hicks wrote:

Original vulnerability report by Net.Edit0r (net.edi...@att.net) from BlACK Hat Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149

MantisBT bug report for full details of the issue:
http://www.mantisbt.org/bugs/view.php?id=13245

Please note that the second SQL injection vulnerability identified by Net.Edit0r is not reproducible (refer to the MantisBT bug report above for reasons why).

A patch for 1.2.6 is available at:
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b

MantisBT 1.2.7 is currently being packaged and will be available shortly through usual channels for distributions and standalone users to pick up.

Reproducible: Always

Reply at:
https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857/comments/0

** Changed in: gentoo
   Status: Unknown => New

** Changed in: gentoo
   Importance: Unknown => Critical

** Bug watch added: Mantis Bug Tracker #13245
   http://www.mantisbt.org/bugs/view.php?id=13245

--
https://bugs.launchpad.net/bugs/828857

Title:
  MantisBT <1.2.7 search.php multiple XSS vulnerabilities