Security Information / 2011 / Security Information -- DSA-2308-1 mantis

Debian Security Advisory

DSA-2308-1 mantis -- several vulnerabilities

Date Reported:

12 Sep 2011

Affected Packages:

mantis

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 640297.
In Mitre's CVE dictionary: CVE-2011-3357, CVE-2011-3358.

More information:

Several vulnerabilities were found in Mantis, a web-based bug tracking system: Insufficient input validation could result in local file inclusion and cross-site scripting.

For the oldstable distribution (lenny), this problem has been fixed in version 1.1.6+dfsg-2lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 1.1.8+dfsg-10squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.2.7-1.

We recommend that you upgrade your mantis packages.