1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3120-1] mantis security update

    From Moritz Muehlenhoff@1:229/2 to All on Tue Jan 6 21:40:02 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3120-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 06, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mantis
    CVE ID : CVE-2014-6316 CVE-2014-7146 CVE-2014-8553 CVE-2014-8554
    CVE-2014-8598 CVE-2014-8986 CVE-2014-8988 CVE-2014-9089
    CVE-2014-9117 CVE-2014-9269 CVE-2014-9270 CVE-2014-9271
    CVE-2014-9272 CVE-2014-9280 CVE-2014-9281 CVE-2014-9388

    Multiple security issues have been found in the Mantis bug tracking
    system, which may result in phishing, information disclosure, CAPTCHA
    bypass, SQL injection, cross-site scripting or the execution of arbitrary
    PHP code.

    For the stable distribution (wheezy), these problems have been fixed in
    version 1.2.18-1.

    We recommend that you upgrade your mantis packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJUrEbbAAoJEBDCk7bDfE42Xr8P/iajPz2wMs3H497dirI3AaMD mfszzE/nZAieBsO3AU+sh9nM6pq658sHSfsG3vUwuI2w/eJJKrNxzkxmN3fgxX1E 7B0/IPFMd2bEdXNk9eiA1BcV10NyjeP+GluBU1j9JvUU8sVMwnT8XPBEHFPZNZDO oksn5zP3lJtRTooILRIvxFftLBNHPSqY93IR+ke/5iWRl09vO8oNmSnNovCkg8Q0 RWi+0VFZky16H7Hzx24OdaY74cCvw5OuKU0AM2Phs5tvl27/txuafWov/2ecWSn/ fkDUWkxRBjFzneeVXesUrU/jNhjkrd6daOJZVOpr7XNaoYAuiWF7p2lKplcrs+mK 0cUuitRQLhsTA1VMRShLKAhbgrSzSO8ytGoGrpnb6LI4M3BtuAY3aaZwccR5HOFS SXpXhn+5P7beTwQ2YtC7qZENaXGwEcFHHDngYtqvRONcpItL2N3PrpyxlMNiXrGt Z6+/BefdhN4f+K5gKdBoifMiUYnRfcdWqp2nmEj6Bwt8sxtovdnjVkiH0GvPj13Z JNP4LkgwJf8Y5S+zfEdKelrnf61tS9+enJdAPjXCxEDwlpXIfSmLB3JzFHiXF364 jvADdhxblvERg085zfwfY8S+akkmssqHAGfhqgejcxTtm0qAzdhdUsAwvLCO52z6 d/YMyKiTxrKzkT/FjOZg
    =2i5H
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)