Debian Security Advisory

DSA-3120-1 mantis -- security update

Date Reported: 06 Jan 2015
Affected Packages: mantis
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388, CVE-2014-9506, CVE-2014-6387, CVE-2013-4460, CVE-2013-1934, CVE-2013-1811.
More information:

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

For the stable distribution (wheezy), these problems have been fixed in version 1.2.18-1.

We recommend that you upgrade your mantis packages.