Multiple severe vulnerabilities exist in <www-apps/mantisbt-1.2.9, as summarised on the oss-security mailing list (where CVE identifiers have also been requested).
The MantisBT project has released version 1.2.9 resolving these vulnerabilities.
An urgent bump of the existing version 1.2.8 package in the tree to 1.2.9 and removal of 1.2.8 is requested.
CVE identifiers assigned (CVE, affected version, upstream bug id, summary):

CVE-2012-1118  MantisBT 1.2.8  10124  array value for $g_private_bug_threshold configuration option allows bypass of access
CVE-2012-1119  MantisBT 1.2.8  13816  copy/clone bug report action failed to leave an audit trail
CVE-2012-1120  MantisBT 1.2.8  13656  delete_bug_threshold/bugnote_allow_user_edit_delete access check bypass via SOAP API
CVE-2012-1121  MantisBT 1.2.8  13561  managers of specific projects could update global category settings
CVE-2012-1122  MantisBT 1.2.8  13748  incorrect access checks performed when moving bugs between projects
CVE-2012-1123  MantisBT 1.2.8  13901  SOAP API null password
CVE-2012-1123: The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a
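The following is an added illustration of the bug class named above: an API entry point that forwards a client-supplied null password into an internal helper for which null means "trusted caller, skip the password check". This is example code written for this page, not MantisBT's code; the function names, the in-memory user table and the password are constructed, and whether MantisBT's mci_check_login failed in exactly this way is not something this page documents.

```php
<?php
// Added, hypothetical illustration of a "null password" authentication bypass.
// NOT MantisBT code: function names, user table and password are made up.

declare(strict_types=1);

// Constructed sample user table: username => password hash.
$USERS = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

/**
 * Internal helper meant for trusted callers (e.g. after the web server has
 * already authenticated the user). A null password deliberately means
 * "skip the password check". That sentinel is exactly what must never be
 * reachable from an untrusted API boundary.
 */
function trusted_script_login(array $users, string $username, ?string $password = null): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    if ($password === null) {
        return true; // trusted caller: no password verification
    }
    return password_verify($password, $users[$username]);
}

/**
 * Vulnerable API entry point: forwards whatever the client sent, so a
 * request carrying no password (null) becomes a trusted login.
 */
function api_login_vulnerable(array $users, string $username, ?string $password): bool
{
    return trusted_script_login($users, $username, $password);
}

/**
 * Hardened API entry point: refuse the sentinel at the boundary and require
 * a non-empty credential before anything is forwarded. Strict === is used so
 * the intent is explicit; empty() would also reject the legitimate password "0".
 */
function api_login_fixed(array $users, string $username, ?string $password): bool
{
    if ($password === null || $password === '') {
        return false;
    }
    return trusted_script_login($users, $username, $password);
}

// Demonstration: same user, same requests, different entry points.
var_dump(api_login_vulnerable($USERS, 'alice', null));    // request without a password
var_dump(api_login_vulnerable($USERS, 'alice', 'wrong'));
var_dump(api_login_fixed($USERS, 'alice', null));
var_dump(api_login_fixed($USERS, 'alice', 'correct horse battery staple'));
```

Run it with the php command-line interpreter: the vulnerable entry point accepts alice with no password at all, while the fixed one refuses both null and the empty string before the helper is reached. The more robust design is to not have a sentinel at all: give the trusted path and the credential-checking path separate functions, so that an untrusted caller cannot select the trusted one by omitting a parameter.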
CVE-2012-1122: bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different
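As an added example (not MantisBT's code), the missing check in a small hypothetical model of per-project thresholds: a user who may move bugs out of project 1 but may only view project 2 must not be able to move a bug into project 2, so the receiving project's report_bug_threshold has to be checked alongside the source project's move_bug_threshold. The access-level constants, project table, user name and helper names are constructed for this example.

```php
<?php
// Added, hypothetical model of the move-bug access check. NOT MantisBT code:
// access levels, project ids, user names and helpers are constructed.

declare(strict_types=1);

// Access levels as small integers, higher means more privilege (constructed).
const LEVEL_VIEWER    = 10;
const LEVEL_REPORTER  = 25;
const LEVEL_DEVELOPER = 55;

// Constructed per-project thresholds: project id => threshold name => level.
$PROJECTS = [
    1 => ['report_bug_threshold' => LEVEL_REPORTER,  'move_bug_threshold' => LEVEL_REPORTER],
    2 => ['report_bug_threshold' => LEVEL_DEVELOPER, 'move_bug_threshold' => LEVEL_DEVELOPER],
];

// Constructed per-user, per-project access levels.
$USER_LEVELS = [
    'mallory' => [1 => LEVEL_REPORTER, 2 => LEVEL_VIEWER],
];

function user_level(array $levels, string $user, int $project): int
{
    return $levels[$user][$project] ?? 0; // no entry: no access
}

// Does the user meet the named threshold in the given project?
function has_level(array $projects, array $levels, string $user, int $project, string $threshold): bool
{
    return user_level($levels, $user, $project) >= $projects[$project][$threshold];
}

// Vulnerable: only the source project is consulted, the destination is ignored.
function can_move_vulnerable(array $projects, array $levels, string $user, int $from, int $to): bool
{
    return has_level($projects, $levels, $user, $from, 'move_bug_threshold');
}

// Fixed: the user must also be allowed to report bugs in the receiving project.
function can_move_fixed(array $projects, array $levels, string $user, int $from, int $to): bool
{
    return has_level($projects, $levels, $user, $from, 'move_bug_threshold')
        && has_level($projects, $levels, $user, $to, 'report_bug_threshold');
}

// mallory is a reporter in project 1 but only a viewer in project 2.
var_dump(can_move_vulnerable($PROJECTS, $USER_LEVELS, 'mallory', 1, 2));
var_dump(can_move_fixed($PROJECTS, $USER_LEVELS, 'mallory', 1, 2));
```

The general rule this illustrates is that an operation touching two authorization contexts (source and destination project here) needs a check in each context; checking only the one the request originates from lets a low-privilege user push data into a project where they could not have created it directly.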
CVE-2012-1121: MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
CVE-2012-1120: The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
CVE-2012-1119: MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without
CVE-2012-1118: The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.
This issue was resolved and addressed in
GLSA 201211-01 at http://security.gentoo.org/glsa/glsa-201211-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).