
Re: Bug#595510: mantis: CVE-2010-2574 xss vulnerability



found 595510 1.1.8+dfsg-5
found 595510 1.1.6+dfsg-2lenny1
forwarded 595510 http://www.mantisbt.org/bugs/view.php?id=12230
tag 595510 +patch
thanks

Hi all,

Sorry, it was a misunderstanding.

As referenced in [0], reported by Secunia, SA40832 [1] (which refers to
CVE-2010-2574 [2]), there is an XSS vulnerability when deleting (not
when adding) categories that have been maliciously named.

The bug seems to be fixed in upstream's git repository [3]; I am working
to solve it ASAP.

The bug report is applicable to all distributed versions of mantis in
Debian, sorry for the confusion.

Thanks all for your time.

PS: thanks Oliver for your 2 cents.

[0] http://www.mantisbt.org/bugs/view.php?id=12230
[1] http://secunia.com/advisories/40832/
[2] http://secunia.com/advisories/cve_reference/CVE-2010-2574/
[3] http://git.mantisbt.org/?p=mantisbt.git;a=commitdiff;h=083c34f06ca927b16e781bae3ae324f450c35ea4


