Debian Security Advisory
DSA-3120-1 mantis -- security update
- Date Reported: 06 Jan 2015
- Affected Packages: mantis
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388, CVE-2014-9506, CVE-2014-6387, CVE-2013-4460, CVE-2013-1934, CVE-2013-1811.
- More information:
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.
For the stable distribution (wheezy), these problems have been fixed in version 1.2.18-1.
We recommend that you upgrade your mantis packages.