John Reese | 6 Sep 16:42

MantisBT 1.2.8 Released

Hi all,

MantisBT 1.2.8 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are advised 
to upgrade to this release.

Paulino Calderon from Websec, High-Tech Bridge Security Research Lab and 
Paul Richards discovered 3 vulnerabilities:
  - 1x local file inclusion (LFI)/directory traversal
  - 2x cross site scripting (XSS)

These vulnerabilities could have very severe consequences for users of
MantisBT, particularly as a result of the local file inclusion 
vulnerability. If an attacker can upload their own PHP script to the 
server as an attachment, they may be able to execute this script using 
the LFI vulnerability.

Refer to issues #13191 and #13281 for detailed information:

   http://www.mantisbt.org/bugs/view.php?id=13191
   http://www.mantisbt.org/bugs/view.php?id=13281

A full changelog for 1.2.8 can be found at:

   http://www.mantisbt.org/bugs/changelog_page.php?version_id=139

The release can be downloaded at:

   http://www.mantisbt.org/download.php


John Reese | 26 Sep 16:24

New IRC Channels

Howdy All,

I would like to announce some changes to the IRC channels used for the 
MantisBT project.  I've registered a formal MantisBT group with Freenode, 
which has given us control of the mantisbt "namespace".

This means that we now have the #mantisbt channel, which will be used 
specifically for development discussions and random off topic chatter.

Our existing IRC channel #mantishelp is being moved to #mantisbt-help, 
and will be reserved for questions and support for end users.  The 
current #mantishelp channel is set up to forward users appropriately, 
but will be disbanded after a few weeks' time.  The web client on 
mantisbt.org is already updated to send users to the correct channel.

Please update your IRC clients with the new channel names.

Cheers

-- 
John Reese
noswap.com
