A flaw was found in the way that the Mantis BTS handled attachments and MIME types. A user could upload an HTML file renamed to a .gif and Mantis would calculate the actual MIME type of the file as text/html. A user tricked into thinking they were clicking a .gif attachment would instead have the full HTML file rendered in the browser, rather than having it treated as a downloadable file or displayed in plain text.

References:

http://www.mantisbt.org/bugs/view.php?id=11952
http://www.mantisbt.org/blog/?p=113

This was corrected in upstream version 1.2.2 and affects current Fedora 12, 13, rawhide, and EPEL5.
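The following is an added example, not part of the bug report and not the Mantis upstream fix: a sketch of a server-side check that renders an attachment inline only when its extension and its leading bytes agree on an allowlisted image type, and otherwise sends it as a download. The function names, the allowlist and the sample byte strings are assumptions constructed for illustration.

```python
import os
from urllib.parse import quote

# Types this sketch is willing to render inline, keyed by file extension.
EXTENSION_TYPES = {".gif": "image/gif", ".png": "image/png",
                   ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}

# Magic-byte signatures for the same allowlisted types.
SIGNATURES = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}


def sniff_inline_type(content: bytes):
    """Return the allowlisted image type the bytes start with, or None."""
    for mime, signatures in SIGNATURES.items():
        if content.startswith(signatures):
            return mime
    return None


def attachment_headers(filename: str, content: bytes) -> dict:
    """Build response headers for a user-uploaded attachment."""
    ext = os.path.splitext(filename)[1].lower()
    declared = EXTENSION_TYPES.get(ext)
    sniffed = sniff_inline_type(content)
    safe_name = quote(filename, safe="")
    # nosniff keeps the browser from overriding the declared Content-Type.
    headers = {"X-Content-Type-Options": "nosniff"}
    if sniffed is not None and sniffed == declared:
        headers["Content-Type"] = sniffed
        disposition = "inline"
    else:
        # Mismatch or unknown type: never render it, offer it as a download.
        headers["Content-Type"] = "application/octet-stream"
        disposition = "attachment"
    headers["Content-Disposition"] = f"{disposition}; filename*=UTF-8''{safe_name}"
    return headers


# Constructed samples: a GIF header, and HTML saved under a .gif name.
REAL_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff,"
HTML_AS_GIF = b"<html><body><h1>not an image</h1></body></html>"

if __name__ == "__main__":
    for name, data in (("logo.gif", REAL_GIF), ("photo.gif", HTML_AS_GIF)):
        print(name, attachment_headers(name, data))
```
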
Created mantis tracking bugs for this issue

Affects: fedora-all [bug 620993]
Hi Vincent, thanks for the report. It seems to me the flaw reported here affects 1.2.x versions. The version we are still shipping in all Fedora/EPEL branches (1.1.8) is not affected by the flaw.
Ah yes, you're absolutely correct. I missed the part in the blog post indicating it was 1.2.x. Thanks for looking, I'll close this and the tracker then.