Debian Security Advisory 2500-1

Debian Security Advisory 2500-1: Posted Jun 24, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2500-1 - Several vulnerabilities were discovered in Mantis, an issue tracking system.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2012-1118, CVE-2012-1119, CVE-2012-1120, CVE-2012-1122, CVE-2012-1123, CVE-2012-2692; SHA-256 | 4e578def420b51119664c3d40a1611bc1e6799ca9644f447c53ee0e185928aa1; Download | Favorite | View

Debian Security Advisory 2500-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2500-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
June 24, 2012                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mantis
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1118 CVE-2012-1119 CVE-2012-1120 CVE-2012-1122
                CVE-2012-1123 CVE-2012-2692

Several vulnerabilities were discovered in Mantis, am issue tracking
system.

CVE-2012-1118
  Mantis installation in which the private_bug_view_threshold
  configuration option has been set to an array value do not
  properly enforce bug viewing restrictions.

CVE-2012-1119
  Copy/clone bug report actions fail to leave an audit trail.

CVE-2012-1120
  The delete_bug_threshold/bugnote_allow_user_edit_delete
  access check can be bypassed by users who have write
  access to the SOAP API.

CVE-2012-1122
  Mantis performed access checks incorrectly when moving bugs
  between projects.

CVE-2012-1123
  A SOAP client sending a null password field can authenticate
  as the Mantis administrator.

CVE-2012-2692
  Mantis does not check the delete_attachments_threshold
  permission when a user attempts to delete an attachment from
  an issue.

For the stable distribution (squeeze), these problems have been fixed
in version 1.1.8+dfsg-10squeeze2.


For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.2.11-1.

We recommend that you upgrade your mantis packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJP5wlDAAoJEL97/wQC1SS+3uUH/iSpSYaS0ZHHlvJVyTXUzs4S
R6tC8HYpbtgrZo4BYJk4ynWh/jpY3TVcuy5ekH5BSmNKmP0NTZ5VWoEzIu3HmU+a
86DCwxdhRTlzw7NDltiK7Q3EDtvIqb5u1j6Us+V2CUfENKI3MA9CBzBCMLhuco4w
noN/+OaZ0LG9YgDTKBxmWJYNGb0a7h+Me0/hsBg6+E9L345vGS3WLibnj1Balvld
RWH3BClh2jj6TdGvQJboDVShnIDJEe8FINCavCSKWF+EjQBkxM8ffDDQaNGiAlNZ
GsG8P4VGJ4KscB+Avr/XKfi/fCN7ZkhdQu3ymbgTOhfUeKFjJaRiR3WZbMfhIs4=
=ghRd
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Debian Security Advisory 2500-1

Debian Security Advisory 2500-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2500-1

Share This

Debian Security Advisory 2500-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems