oss-sec mailing list archives
RE: Re: CVE request: XSS in MantisBT
From: "P Richards" <paul () mantisforge org>
Date: Mon, 16 Feb 2015 09:59:13 -0000
As the initial discoverer of CVE-2014-8986, I can confirm that the commit in e326b73a does not fix the issue reported in CVE-2014-8986. The commit https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02c ef41bf40 does fix CVE-2014-8986. @mitre: The description @ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8986 is incorrect - "MantisBT 1.2.13 through 1.2.17". The issue described in CVE-2014-8986 was not fixed in either 1.2.18 or .1.2.19. How does one get the status of this issue updated? Thanks Paul -----Original Message----- From: Damien Regad [mailto:dregad () mantisbt org] Sent: 16 February 2015 09:53 To: oss-security () lists openwall com Subject: [oss-security] Re: CVE request: XSS in MantisBT P Richards <paul@...> writes:
According to github https://github.com/mantisbt/mantisbt/commit/cabacdc2 the fix referenced for CVE-2014-8986 has never been tagged to a 1.2.x release.
It would help if you looked at the 1.2.x commit... http://github.com/mantisbt/mantisbt/commit/e326b73a $ git describe --contains e326b73a release-1.2.18~27
Current thread:
- CVE request: XSS in MantisBT Damien Regad (Feb 09)
- RE: CVE request: XSS in MantisBT P Richards (Feb 09)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 13)
- RE: Re: CVE request: XSS in MantisBT P Richards (Feb 13)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
- RE: Re: CVE request: XSS in MantisBT P Richards (Feb 16)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 13)
- RE: CVE request: XSS in MantisBT P Richards (Feb 09)
- RE: CVE request: XSS in MantisBT P Richards (Feb 21)
- Re: CVE request: XSS in MantisBT cve-assign (Feb 21)