From ${URL} :

It was found that the config option crypto_master_salt was available via the SOAP API, due to wrong spelling, since MantisBT sensitive config options were blacklisted to prevent their access via the SOAP API.

Upstream report: http://sourceforge.net/p/mantisbt/mailman/message/32948048/

CVE assignment: http://seclists.org/oss-sec/2016/q1/4

After this vulnerability appeared, MantisBT was hardened to use a whitelist approach instead of blacklisting: https://github.com/mantisbt/mantisbt/commit/7927c275

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
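The failure mode described in the report above, as an added example that is not MantisBT code and not part of the original comment: a deny-list with one misspelled entry fails open, an allow-list fails closed, and a small audit flags list entries that match no real option. All function names, the sample option values and the typo shown are constructed for illustration.

```php
<?php
// Added illustration, not MantisBT code. All names and values are constructed.
$config = [
    'window_title'       => 'Example tracker',
    'db_password'        => 'constructed-db-secret',
    'crypto_master_salt' => 'constructed-salt-value',
];

// Deny-list with one misspelled entry (constructed typo, not the historical one).
$denied = ['db_password', 'crypto_master_slat'];

// Allow-list: only options deliberately marked public are readable.
$allowed = ['window_title'];

function get_with_denylist(array $config, array $denied, string $name)
{
    if (in_array($name, $denied, true)) {
        throw new RuntimeException("access to '$name' denied");
    }
    return $config[$name] ?? null; // anything not listed falls through
}

function get_with_allowlist(array $config, array $allowed, string $name)
{
    if (!in_array($name, $allowed, true)) {
        throw new RuntimeException("access to '$name' denied");
    }
    return $config[$name] ?? null;
}

// Audit: entries that match no real option are typos or stale names.
function dead_entries(array $config, array $list): array
{
    return array_values(array_diff($list, array_keys($config)));
}

// Deny-list fails open: the salt is returned because its entry is misspelled.
var_dump(get_with_denylist($config, $denied, 'crypto_master_salt'));

// Allow-list fails closed: the same request is refused.
try {
    get_with_allowlist($config, $allowed, 'crypto_master_salt');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// The audit flags the misspelled deny-list entry.
print_r(dead_entries($config, $denied));
```

Running the audit function over any remaining deny-list in a test suite turns a silent typo into a failing build.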
Multiple vulnerabilities spread across 9 different bugs. No movement from maintainers in over a year.
Package removed