Debian Security Advisory

DSA-3120-1 mantis -- security update

Date Reported:
06 Jan 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388, CVE-2014-9506, CVE-2014-6387, CVE-2013-4460, CVE-2013-1934, CVE-2013-1811.
More information:

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

For the stable distribution (wheezy), these problems have been fixed in version 1.2.18-1.

We recommend that you upgrade your mantis packages.