[Frugalware-git] homepage-ng: FSA675-mantis
Miklos Vajna
vmiklos at frugalware.org
Tue Aug 3 12:38:03 CEST 2010
Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=db2e298786298e102a557e16b0e3949fa77f7ea7
commit db2e298786298e102a557e16b0e3949fa77f7ea7
Author: Miklos Vajna <vmiklos at frugalware.org>
Date: Tue Aug 3 12:37:57 2010 +0200
FSA675-mantis
diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 3bc786b..1995b8f 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@
<fsas>
<fsa>
+ <id>675</id>
+ <date>2010-08-03</date>
+ <author>Miklos Vajna</author>
+ <package>mantis</package>
+ <vulnerable>1.1.8-1</vulnerable>
+ <unaffected>1.2.2-1locris1</unaffected>
+ <bts>http://bugs.frugalware.org/task/4279</bts>
+ <cve>No CVE, see http://www.mantisbt.org/blog/?p=113</cve>
+ <desc>A vulnerability has been discovered in Mantis, which can be exploited by malicious users to conduct script insertion attacks.
+ Input passed in uploaded attachments is not properly verified before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site when a malicious file with e.g. a "gif" extension is viewed with the Microsoft Internet Explorer browser.
+ Successful exploitation requires permissions to upload attachments.</desc>
+ </fsa>
+ <fsa>
<id>674</id>
<date>2010-06-18</date>
<author>Miklos Vajna</author>
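Review bot: The added `<cve>` element for FSA 675 holds a sentence and a URL ("No CVE, see http://www.mantisbt.org/blog/?p=113") rather than an identifier, so anything that reads security.xml and treats this field as a CVE id, or builds a link from it, will get prose instead. Consider keeping the field to a fixed "none assigned" marker and carrying the upstream blog link in the `<desc>` text or beside `<bts>`, whichever the schema allows. Separately, the `<desc>` names the trigger (a file with a "gif" extension viewed in Internet Explorer) but not what the update to 1.2.2-1locris1 changes; one sentence on the fix would let readers judge whether they still need to restrict who may upload attachments.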