Package: mantis
Severity: grave
Tags: security

Out of the six security issues fixed in mantis 1.2.3, two have already been fixed in Squeeze/sid. The four remaining XSS issues have been assigned CVE-2010-3303.

Please see the following link in the Red Hat BTS for details:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3303

Cheers,
Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mantis depends on:
pn  apache2 | httpd                <none>  (no description available)
pn  dbconfig-common                <none>  (no description available)
ii  debconf                        1.5.35  Debian configuration management sy
pn  libapache2-mod-php5 | php5-cl  <none>  (no description available)
pn  libphp-adodb                   <none>  (no description available)
pn  libphp-phpmailer               <none>  (no description available)
ii  ucf                            3.0025  Update Configuration File: preserv

Versions of packages mantis recommends:
pn  mysql-client                   <none>  (no description available)
pn  php5-mysql                     <none>  (no description available)

Versions of packages mantis suggests:
pn  mysql-server                   <none>  (no description available)
pn  php5-cli                       <none>  (no description available)