Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3755 to the following vulnerability: Name: CVE-2011-3755 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3755 Assigned: 20110923 Reference: http://www.openwall.com/lists/oss-security/2011/06/27/6 Reference: http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README Reference: http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mantisbt-1.2.4 MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files.
Created mantis tracking bugs for this issue Affects: fedora-all [bug 741402] Affects: epel-5 [bug 741403]
EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned. As a result I'm closing this bug as this issue is fixed in Fedora. The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed. Fedora has 1.2.12 which is fixed.