Resolved Bugs
800667 – mantis: many security flaws [epel-5]
924342 – CVE-2013-1883 mantis: Site / db server DoS via certain View Issues page search query [epel-5]
1165154 – mantis: XSS on Configuration Report page [epel-all]
1171715 – CVE-2014-9279 CVE-2014-9280 mantis: various flaws [epel-5]
1169164 – mantis: various flaws [epel-5]
948997 – CVE-2013-1931 CVE-2013-1934 mantis various flaws [epel-5]
1164622 – mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release [epel-5]
1168164 – CVE-2014-9089 mantis: SQL injection in view_all_set.php [epel-5]
1183596 – CVE-2014-9573 CVE-2014-9572 CVE-2014-9571 mantis: multiple issues [epel-all]
1141310 – CVE-2014-6387 mantis: null byte poisoning in LDAP authentication
1162048 – CVE-2014-8598 CVE-2014-7146 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release [epel-5]
1063114 – CVE-2014-1609 CVE-2014-1608 mantis: SQL injection issues [epel-5]
1168622 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form [epel-5]
1141314 – mantis: null byte poisoning in LDAP authentication [epel-5]
1159680 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609 [epel-5]
1164633 – mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release [epel-5]
1170183 – mantis: XSS in extended project browser [epel-5]
1191134 – mantis: XSS in adm_config_report.php [epel-all]
902333 – mantis: Reporter privilege user can change bug state to NEW [epel-5]
This update moves the package to the upstream 1.2 series, which closes all known security issues and makes it easier to apply newer security fixes.
PLEASE NOTE:
This update requires *DB SCHEMA CHANGES* to deploy correctly,
so please be sure to test it on a backup instance.
Please refer to upstream documentation for upgrade steps.