A security flaw was found in the way MantisBT, a web-based issue tracking system, performed the user-privilege check when displaying the issue close button (the close button was previously shown on a web page even when 'close' was not a valid status according to the workflow definition). An unprivileged MantisBT user could use this flaw to close a particular issue even though the particular workflow settings did not permit it.

References:
[1] http://www.openwall.com/lists/oss-security/2013/04/04/8

Upstream ticket:
[2] http://www.mantisbt.org/bugs/view.php?id=15453

Upstream patches:
[3] https://github.com/mantisbt/mantisbt/commit/d85e69feac67e2fa972694bf183df5bdb1d6837a (against 1.2.x branch)
[4] https://github.com/mantisbt/mantisbt/commit/562db4f49e0c2038c56f98e983dedede316f4236 (against master)
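The flaw described above is the familiar pattern of gating an action only in the UI: the close button was hidden or shown by one check, while the workflow definition was never consulted. The following is an added illustration, not MantisBT's own code; the status ids, workflow table and access level are constructed for the example (loosely modelled on MantisBT's default status names), and it shows the vulnerable handler beside a fixed one that re-runs the same workflow check used to render the button.

```python
# Added example (not MantisBT's code): enforce workflow transitions server-side.
# Status ids, the workflow table and CLOSE_ACCESS_LEVEL are constructed for
# this illustration, loosely modelled on MantisBT's default status names.
NEW, FEEDBACK, ACKNOWLEDGED, CONFIRMED, ASSIGNED, RESOLVED, CLOSED = 10, 20, 30, 40, 50, 80, 90

# Workflow definition: current status -> set of statuses it may move to.
# In this (constructed) workflow, CLOSED is reachable only from RESOLVED.
WORKFLOW = {
    NEW: {FEEDBACK, ACKNOWLEDGED, CONFIRMED, ASSIGNED, RESOLVED},
    FEEDBACK: {NEW, ACKNOWLEDGED, CONFIRMED, ASSIGNED, RESOLVED},
    ACKNOWLEDGED: {FEEDBACK, CONFIRMED, ASSIGNED, RESOLVED},
    CONFIRMED: {FEEDBACK, ASSIGNED, RESOLVED},
    ASSIGNED: {FEEDBACK, RESOLVED},
    RESOLVED: {FEEDBACK, ASSIGNED, CLOSED},
    CLOSED: {FEEDBACK},
}
CLOSE_ACCESS_LEVEL = 25  # constructed: minimum access level needed to close


def workflow_allows(current_status, new_status, workflow=WORKFLOW):
    """True if the workflow definition permits moving current -> new."""
    return new_status in workflow.get(current_status, set())


def can_close(issue, user_access, workflow=WORKFLOW):
    """Single decision used both to render the close button and to handle the request."""
    return user_access >= CLOSE_ACCESS_LEVEL and workflow_allows(issue["status"], CLOSED, workflow)


def close_issue_vulnerable(issue, user_access):
    """Pattern behind the flaw: only the access level is checked, the workflow is not."""
    if user_access < CLOSE_ACCESS_LEVEL:
        raise PermissionError("access denied")
    issue["status"] = CLOSED
    return issue


def close_issue_fixed(issue, user_access, workflow=WORKFLOW):
    """Fixed pattern: the handler re-runs the same check the UI uses before mutating state."""
    if not can_close(issue, user_access, workflow):
        raise PermissionError("close is not a valid transition from status %d" % issue["status"])
    issue["status"] = CLOSED
    return issue
```

Hiding the button is a usability nicety; the transition check in the request handler is the actual control.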
This issue affects the versions of the mantis package, as shipped with Fedora releases 17 and 18. Please schedule an update.

--

This issue did NOT affect the version of the mantis package, as shipped with Fedora EPEL-5.
Created mantis tracking bugs for this issue

Affects: fedora-all [bug 948995]
The CVE identifier of CVE-2013-1930 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/04/06/4
mantis-1.2.15-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
mantis-1.2.15-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
mantis-1.2.15-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.