FS#42920 - [mantisbt] SQL injection (CVE-2014-9089)
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Thursday, 27 November 2014, 08:36 GMT
Last edited by Maxime Gauduin (Alucryd) - Monday, 01 December 2014, 09:09 GMT
Opened by Remi Gacogne (rgacogne) - Thursday, 27 November 2014, 08:36 GMT
Last edited by Maxime Gauduin (Alucryd) - Monday, 01 December 2014, 09:09 GMT
|
Details
A remote SQL injection has been found in mantisbt <=
1.2.17 [1]. If 1.2.18 is not released soon (no idea about
that) we may want to backport the security fix [2].
[1]: https://www.mantisbt.org/bugs/view.php?id=17841 [2]: https://github.com/mantisbt/mantisbt/commit/b0021673ab23249244119bde3c7fcecd4daa4e7f |
This task depends upon
Closed by Maxime Gauduin (Alucryd)
Monday, 01 December 2014, 09:09 GMT
Reason for closing: Fixed
Additional comments about closing: 1.2.17-5
Monday, 01 December 2014, 09:09 GMT
Reason for closing: Fixed
Additional comments about closing: 1.2.17-5
https://github.com/mantisbt/mantisbt/commit/49c3d089
https://github.com/mantisbt/mantisbt/commit/5f0b150b