oss-sec mailing list archives
Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554]
From: Damien Regad <dregad () mantisbt org>
Date: Sun, 02 Nov 2014 00:49:11 +0100
Following up on earlier messages about this issue, please note that I just pushed a patch to our official repository on Github [1].
We plan to release MantisBT 1.2.18 in the next few days, as we're finalizing fixes for a few additional issues. I'll post back here when the new version goes live.
Damien [1] http://github.com/mantisbt/mantisbt/commit/99ffb0af (1.2.x branch) http://github.com/mantisbt/mantisbt/commit/5faf97ab (master)
Current thread:
- SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
- RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)
- Re: SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
- Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554] Damien Regad (Nov 01)
- Re: SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
- RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)
- RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)