SQL injection issues were discovered in MantisBT, an open source issue tracker. CVE-2014-1608 patch: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102 CVE-2014-1609 patch: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f It was reported that versions 1.1.0a4 to 1.2.15 are affected. References: http://www.ocert.org/advisories/ocert-2014-001.html
Created mantis tracking bugs for this issue: Affects: fedora-all [bug 1063113] Affects: epel-5 [bug 1063114]
mantis-1.2.17-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mantis-1.2.17-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.