Bug#: 203791
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Pierre-Yves Rofes <py@gentoo.org>
Description:   Opened: 2007-12-30 18:11 0000
seiji has discovered a vulnerability in Mantis, which can be exploited by
malicious users to conduct script insertion attacks.

Input passed as the filename for the uploaded file in bug_report.php is not
properly sanitised before being stored. This can be exploited to insert
arbitrary HTML and script code, which is executed in a user's browser session
in context of an affected site when the malicious filename is viewed in
view.php.

Successful exploitation requires valid user credentials.

The vulnerability is confirmed in version 1.0.8. Other versions may also be
affected.

Solution:
Update to version 1.1.0.
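
The script insertion described above comes down to a stored filename reaching HTML output unencoded. The following is an added example, not Mantis code and not part of the original report; the function names, download.php and the sample filename are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (assumptions, not Mantis code): they show where a
// user-supplied attachment filename must be encoded when it is rendered.

/** Vulnerable pattern: the stored filename is concatenated into HTML as-is. */
function render_attachment_unsafe(int $id, string $filename): string
{
    return '<a href="download.php?file_id=' . $id . '">' . $filename . '</a>';
}

/** Hardened pattern: encode for the HTML text and attribute context on output. */
function render_attachment_safe(int $id, string $filename): string
{
    // ENT_QUOTES covers both quote styles, so the value is also safe in title="".
    $text = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="download.php?file_id=' . $id . '" title="' . $text . '">'
        . $text . '</a>';
}

/** Defence in depth at upload time: keep the base name only, drop control bytes. */
function normalise_upload_name(string $clientName): string
{
    $name = basename(str_replace('\\', '/', $clientName));
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name) ?? '';
    return $name === '' ? 'unnamed' : $name;
}

// Constructed sample input: a filename carrying harmless markup.
$sample = '"><u>report.txt';

// The markup in the name becomes part of the page structure.
echo render_attachment_unsafe(7, $sample), PHP_EOL;

// The same name is displayed as literal text.
echo render_attachment_safe(7, normalise_upload_name($sample)), PHP_EOL;
```

Normalising the name at upload does not replace output encoding: names stored before a fix still need to be encoded when they are displayed.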

------- Comment #1 From Pierre-Yves Rofes 2007-12-30 18:13:05 0000 -------
Maintainers, please bump as necessary.

------- Comment #2 From Peter Volkov 2007-12-30 19:18:25 0000 -------
Fixed in mantisbt-1.0.8-r1. 

------- Comment #3 From Robert Buchholz 2007-12-30 19:33:48 0000 -------
Arches, please test and mark stable www-apps/mantisbt-1.0.8-r1.
Target keywords : "amd64 ppc x86"

------- Comment #4 From Markus Meier 2008-01-01 17:00:07 0000 -------
x86 stable

------- Comment #5 From Pierre-Yves Rofes 2008-01-04 22:33:55 0000 -------
*** Bug 204331 has been marked as a duplicate of this bug. ***

------- Comment #6 From Lars Hartmann 2008-01-05 09:00:01 0000 -------
Can someone please add "CVE-2007-6611" to the summary?
I don't have the needed permissions.

------- Comment #7 From Tobias Scherbaum 2008-01-06 18:27:31 0000 -------
ppc stable

------- Comment #8 From Steve Dibb 2008-01-23 16:07:45 0000 -------
amd64 stable

------- Comment #9 From Sune Kloppenborg Jeppesen 2008-01-23 20:00:37 0000 -------
This one is ready for GLSA vote. I tend to vote YES.

------- Comment #10 From Hanno Boeck 2008-02-02 12:09:43 0000 -------
Both mantis 1.1.0 and 1.1.1 have fixed additional security issues
(CVE-2007-6611, CVE-2008-0404), maybe the glsa should wait for another
stabilization-round?

------- Comment #11 From Peter Volkov 2008-02-02 12:19:54 0000 -------
That's not necessary: take a look at bug 207260. Stabilization of mantisbt-1.1
is on my TODO list, but it's a rather fresh release, so I wouldn't hurry.

------- Comment #12 From Pierre-Yves Rofes 2008-02-10 20:11:54 0000 -------
voting YES, glsa request filed.

------- Comment #13 From Raphael Marichez 2008-02-10 21:58:42 0000 -------
I would have voted no for this "authenticated" XSS but that's OK, 2 Yes / 1 No.

------- Comment #14 From Sune Kloppenborg Jeppesen 2008-02-11 18:30:32 0000 -------
Or to be more precise it's 1½/1½. tend usually means ½ :-) If registration
is commonly open I'd say yes, if not then it would be NO.

------- Comment #15 From Robert Buchholz 2008-02-11 23:06:01 0000 -------
YES, was already filed.

------- Comment #16 From Pierre-Yves Rofes 2008-03-03 21:13:36 0000 -------
GLSA 200803-04
