Bug 731777 (CVE-2011-2938)
Summary: | CVE-2011-2938 MantisBT <1.2.7 search.php multiple XSS vulnerabilities | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | David Hicks <d> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jrusnack, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.mantisbt.org/bugs/view.php?id=13245 | ||
Whiteboard: | |||
Fixed In Version: | mantis 1.2.7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-03-15 04:24:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 731854, 800667 | ||
Bug Blocks: |
Description
David Hicks
2011-08-18 15:39:09 UTC
Thanks so much for the report, David! Created mantis tracking bugs for this issue Affects: fedora-all [bug 731854] Affects: epel-5 [bug 731855] This was assigned the name CVE-2011-2938. Currently supported versions of Fedora have 1.2.8, which correct this flaw. EPEL's 1.1.8 may still be affected. EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned. As a result I'm closing this bug as this issue is fixed in Fedora. The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed. |