Red Hat Bugzilla – Bug 219937
CVE-2006-6574: mantis < 1.1.0a2 information disclosure
Last modified: 2007-11-30 17:11:51 EST
"Mantis before 1.1.0a2 does not implement per-item access control for Issue
History (Bug History), which allows remote attackers to obtain sensitive
information by reading the Change column, as demonstrated by the Change column
of a custom field."
All FE releases are possibly affected.
Both fixed in CVS.
Patched packages are now published in all branches (FC5, FC6 and devel).