Bug 169220

Summary:	File inclusion, upload, XSS, and SQL injection vulnerabilities
Product:	[Fedora] Fedora	Reporter:	Ville Skyttä <scop>
Component:	mantis	Assignee:	Gianluca Sforna <giallu>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	4	CC:	dennis, extras-qa, roozbeh
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	0.19.4-1	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-10-20 22:51:44 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ville Skyttä 2005-09-25 09:26:36 UTC

http://secunia.com/advisories/16506/
http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml

Comment 1 Ville Skyttä 2005-10-22 07:38:26 UTC

ping

Comment 2 Ville Skyttä 2005-10-26 21:13:17 UTC

...and the newest one, rated highly critical: 
http://secunia.com/advisories/16818/

Comment 3 Ville Skyttä 2005-12-22 22:26:31 UTC

There's more: 0.19.4 fixes:

- #0006419: [security] File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
- #0006420: [security] Injection Vulnerabilities in Filters (TKADV2005-11-002)
(thraxisp)
- #0006457: [security] SQL Injection in manage user page (TKADV2005-11-002)
(vboctor)
- #0006460: [security] HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- #0006486: [security] Port XSS Vulnerability in filters (TKADV2005-11-002)
(thraxisp)

http://seclists.org/lists/fulldisclosure/2005/Dec/1214.html

Comment 4 Roozbeh Pournader 2006-01-02 10:37:54 UTC

Extras currently has mantis-0.19.4-1.fc4. So most of these are irrelevant.

> http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml

This is only for < 0.19.2.

> http://secunia.com/advisories/16818/

This is only for < 0.19.3.

> http://seclists.org/lists/fulldisclosure/2005/Dec/1214.html

Again, these are for < 0.19.4.

> http://secunia.com/advisories/16506/

In this, it says that from the five vulnerabilities listed, three are fixed in
0.19.3. Ville, would you please investigate the other two (#3 and #4 in the
referred page) further?

Comment 5 Ville Skyttä 2006-01-02 15:55:14 UTC

(In reply to comment #4)
> Extras currently has mantis-0.19.4-1.fc4. So most of these are irrelevant.

They were not irrelevant at the time I reported them :)

> Ville, would you please investigate the other two (#3 and #4 in the
> referred page) further?

Sorry, I don't have time for that (I don't have any use for mantis myself); I'm
just reporting security bugs I happen to notice somewhere that don't seem to be
fixed in Extras.

Comment 6 Dennis Gilmore 2006-03-09 19:12:19 UTC

Enrico  can i please ask you to check on the last few remaining issues here 
please?

Comment 7 Dennis Gilmore 2006-09-15 15:03:23 UTC

Enrico,

Please ensure that all issues are fixed.  

If not I will request that mantis be removed from extras for FC-6

Comment 8 Ville Skyttä 2006-10-10 17:48:21 UTC

Reassign to current maintainer.

Comment 9 Gianluca Sforna 2006-10-20 22:51:44 UTC

I had a look at the reports: what I understand is that all issues are addressed
in the currently distributed versions.

The only unsure reports are #3 and #4 in

http://secunia.com/advisories/16506/

but it looks like they are not detailed enough to understand how/if the app is
vulnerable.

closing CURRENTRELEASE