Fedora 21 Security Update: mantis-1.2.18-1.fc21

Resolved Bugs
1171714 – CVE-2014-9279 CVE-2014-9280 mantis: various flaws [fedora-all]
1171709 – CVE-2014-9280 mantis: PHP Object Injection in filter API
1171713 – CVE-2014-9279 mantis: database credentials disclosure in MantisBT’s unattended upgrade script
1170542 – CVE-2014-6316 mantis: URL redirection issue
1170543 – CVE-2014-6316 mantis: URL redirection issue [fedora-all]
1170193 – CVE-2014-9272 mantis: XSS in string_insert_hrefs()
1170196 – mantis: XSS in string_insert_hrefs() [fedora-all]
1170192 – CVE-2014-9281 mantis: XSS in admin panel / copy_field.php
1170194 – mantis: XSS in admin panel / copy_field.php [fedora-all]
1170188 – CVE-2014-9270 mantis: XSS in projax_api.php
1170189 – mantis: XSS in projax_api.php [fedora-all]
1170180 – CVE-2014-9269 mantis: XSS in extended project browser
1170182 – mantis: XSS in extended project browser [fedora-all]
1168618 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form
1168621 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form [fedora-all]
1168161 – CVE-2014-9089 mantis: SQL injection in view_all_set.php
1168163 – CVE-2014-9089 mantis: SQL injection in view_all_set.php [fedora-all]
1165152 – CVE-2014-8987 mantis: XSS on Configuration Report page
1165153 – mantis: XSS on Configuration Report page [fedora-all]
1164631 – CVE-2014-8988 mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release
1164632 – mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release [fedora-all]
1164620 – CVE-2014-8986 mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release
1164621 – mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release [fedora-all]
1169163 – mantis: various flaws [fedora-all]
1169162 – mantis: PHP object injection in filter API
1169194 – mantis: database credentials leak<br
Security fix for CVE-2014-9280, CVE-2014-9279, CVE-2014-6316, CVE-2014-9117, CVE-2014-9089

Leave a Reply