
Fedora 21 FEDORA-2015-12010 Critical: Mantis Information Disclosure

August 7, 2015
Urgent security update for Fedora 21 regarding sensitive data exposure in Mantis. Users are advised to implement the update immediately.
Security fix for CVE-2015-5059

Summary

Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client.

Documentation can be found in: /usr/share/doc/mantis

When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis/README.Fedora

Update Information:

Security fix for CVE-2015-5059

Change Log

* Thu Jul 23 2015 Gianluca Sforna - 1.2.19-3
- apply upstream patch for CVE-2015-5059 (#1237199)

* Wed Jun 17 2015 Fedora Release Engineering - 1.2.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Mon Jan 26 2015 Gianluca Sforna - 1.2.19-1
- new upstream release
- rebase patch
- fix CVE-2014-9571, CVE-2014-9572, CVE-2014-9573 (#1183595)

* Tue Dec 9 2014 Gianluca Sforna - 1.2.18-1
- new upstream release
- drop upstreamed patches
- fix several security issues, full list in upstream changelog: https://mantisbt.org/bugs/login_page.php?return=%2Fbugs%2Fchangelog_page.php

* Fri Nov 14 2014 Gianluca Sforna - 1.2.17-4
- fix CVE-2014-7146, CVE-2014-8598 (#1162046)
- fix CVE-2014-8554 (#1159295)

References


[ 1 ] Bug #1237199 - CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission https://bugzilla.redhat.com/show_bug.cgi?id=1237199

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update mantis' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: mantis
Product: Fedora 21
Version: 1.2.19
Release: 3.fc21
Summary: Web-based issue tracking system
