headers
noreply | 1 Sep 2011 13:28

[mantisbt-commits] [mantisbt/mantisbt] c12a32: Fix #13282, #13283: bug_actiongroup_ext_page.php L...

  Branch: refs/heads/master
  Home:   https://github.com/mantisbt/mantisbt

  Commit: c12a32af2bb48f32cf9df887b8e95e8b5194dbb0
      https://github.com/mantisbt/mantisbt/commit/c12a32af2bb48f32cf9df887b8e95e8b5194dbb0
  Author: David Hicks <d <at> hx.id.au>
  Date:   2011-09-01 (Thu, 01 Sep 2011)

  Changed paths:
    M bug_actiongroup_ext_page.php
  M core/bug_group_action_api.php

  Log Message:
  -----------
  Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS

High-Tech Bridge SA Security Research Lab reported 2 issues with the
'action' parameter to bug_actiongroup_ext_page.php

Issue #13282

XSS issue with require_once() call failures returning an unescaped
user-supplied filename. There has been a fair amount of recent public
talk about PHP error messages being a source of XSS issues. This is an
example.

Issue #12283

Local file inclusion/path traversal vulnerability on web servers that
allow translations like:
(Continue reading)

Permalink | Reply | 0 comments |
headers
noreply | 1 Sep 2011 13:28

[mantisbt-commits] [mantisbt/mantisbt] a7eacc: Fix #13282, #13283: bug_actiongroup_ext_page.php L...

  Branch: refs/heads/master-1.2.x
  Home:   https://github.com/mantisbt/mantisbt

  Commit: a7eacc181185eff1dd7bd8ceaa34a91cf86cc298
      https://github.com/mantisbt/mantisbt/commit/a7eacc181185eff1dd7bd8ceaa34a91cf86cc298
  Author: David Hicks <d <at> hx.id.au>
  Date:   2011-09-01 (Thu, 01 Sep 2011)

  Changed paths:
    M bug_actiongroup_ext_page.php
  M core/bug_group_action_api.php

  Log Message:
  -----------
  Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS

High-Tech Bridge SA Security Research Lab reported 2 issues with the
'action' parameter to bug_actiongroup_ext_page.php

Issue #13282

XSS issue with require_once() call failures returning an unescaped
user-supplied filename. There has been a fair amount of recent public
talk about PHP error messages being a source of XSS issues. This is an
example.

Issue #12283

Local file inclusion/path traversal vulnerability on web servers that
allow translations like:
(Continue reading)

Permalink | Reply | 0 comments |
headers
noreply | 3 Sep 2011 19:03

[mantisbt-commits] [mantisbt/mantisbt] a908cc: Rework the bug action group api such that we can e...

  Branch: refs/heads/master
  Home:   https://github.com/mantisbt/mantisbt

  Commit: a908cc61362059025910e2437d55bedc31863139
      https://github.com/mantisbt/mantisbt/commit/a908cc61362059025910e2437d55bedc31863139
  Author: Paul Richards <paul@...>
  Date:   2011-08-29 (Mon, 29 Aug 2011)

  Changed paths:
    M bug_actiongroup_add_note_inc.php
  M bug_actiongroup_attach_tags_inc.php
  M bug_actiongroup_ext.php
  M bug_actiongroup_ext_page.php
  M bug_actiongroup_page.php
  M bug_actiongroup_update_product_build_inc.php
  M bug_actiongroup_update_severity_inc.php
  M core/bug_group_action_api.php

  Log Message:
  -----------
  Rework the bug action group api such that we can easily convert this to an object in the future, and to
validate calls to require once.

This leads to a security issue identified by IBM's Appscan program, whereby calls to require_once are not validated.
Depending on webserver configuration, this is a file inclusion vulnerability.

There will be a follow up commit to config api - probably:
-		if( $g_project_override != null ) {
+		if( $g_project_override != null && $p_project == null ) {
(Continue reading)

Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 05:20

[mantisbt-commits] [mantisbt/mantisbt] 965b00: Revert "Fix #13282, #13283: bug_actiongroup_ext_pa...

  Branch: refs/heads/master-1.2.x
  Home:   https://github.com/mantisbt/mantisbt

  Commit: 965b00a0e16561631d148c728c5f53541a6b04f4
      https://github.com/mantisbt/mantisbt/commit/965b00a0e16561631d148c728c5f53541a6b04f4
  Author: David Hicks <d <at> hx.id.au>
  Date:   2011-09-03 (Sat, 03 Sep 2011)

  Changed paths:
    M bug_actiongroup_ext_page.php
  M core/bug_group_action_api.php

  Log Message:
  -----------
  Revert "Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS"

This reverts commit a7eacc181185eff1dd7bd8ceaa34a91cf86cc298.

Paul fixed this in a better way with commit
a908cc61362059025910e2437d55bedc31863139 (to be backported to 1.2.x
after this older commit is reverted).

  Commit: 5b93161f3ece2f73410c296fed8522f6475d273d
      https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d
  Author: Paul Richards <paul@...>
  Date:   2011-09-03 (Sat, 03 Sep 2011)

  Changed paths:
    M bug_actiongroup_ext.php
  M bug_actiongroup_ext_page.php
(Continue reading)

Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 05:23

[mantisbt-commits] [mantisbt/mantisbt] e2f30f: Remove unreachable code branch in config_defaults_...

  Branch: refs/heads/master
  Home:   https://github.com/mantisbt/mantisbt

  Commit: e2f30f7052556d2baab3e83a4f7ba619a3a4a643
      https://github.com/mantisbt/mantisbt/commit/e2f30f7052556d2baab3e83a4f7ba619a3a4a643
  Author: David Hicks <d <at> hx.id.au>
  Date:   2011-09-03 (Sat, 03 Sep 2011)

  Changed paths:
    M config_defaults_inc.php

  Log Message:
  -----------
  Remove unreachable code branch in config_defaults_inc.php

Commit 57c944856712cf3fdc7855d10db07da93a82e863 introduced an
unreachable code branch that has no effect. Removed.

The functionality will likely need to be rechecked by Paul/John to see
whether we do want to use PHP_SELF.

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better 
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 05:42

[mantisbt-commits] [mantisbt/mantisbt] 0a636b: Issue #13281: Fix Projax XSS issues (unescaped val...

  Branch: refs/heads/master-1.2.x
  Home:   https://github.com/mantisbt/mantisbt

  Commit: 0a636b37d3425aea7b781e7f25eaeb164ac54a3d
      https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d
  Author: David Hicks <d <at> hx.id.au>
  Date:   2011-09-03 (Sat, 03 Sep 2011)

  Changed paths:
    M bug_report_page.php
  M bug_update_advanced_page.php

  Log Message:
  -----------
  Issue #13281: Fix Projax XSS issues (unescaped value attributes)

Projax sucks. This is why it was replaced with jQuery in the master
branch. However master-1.2.x still uses the older Projax code. The
Projax library doesn't attempt to escape values before dumping them in
HTML output, thus leading to XSS issues.

The easiest workaround is to pass in already-escaped values to the
Projax functions.

This issue was reported by High-Tech Bridge SA Security Research Lab as
part of their advisory #HTB23045, available at
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
(Continue reading)

Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 07:44

[mantisbt-commits] [mantisbt/mantisbt] 02de74: Bump version to 1.2.8 and update release notes

  Branch: refs/tags/release-1.2.8
  Home:   https://github.com/mantisbt/mantisbt

  Commit: 02de741a8a793a278e264ba083c49f8fc48c6078
      https://github.com/mantisbt/mantisbt/commit/02de741a8a793a278e264ba083c49f8fc48c6078
  Author: David Hicks <d <at> hx.id.au>
  Date:   2011-09-03 (Sat, 03 Sep 2011)

  Changed paths:
    M core/constant_inc.php
  M doc/RELEASE

  Log Message:
  -----------
  Bump version to 1.2.8 and update release notes

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better 
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 11:18

[mantisbt-commits] [mantisbt/mantisbt] 03f1c7: Using just script_name is OK, but it's feasible th...

  Branch: refs/heads/master
  Home:   https://github.com/mantisbt/mantisbt

  Commit: 03f1c7b0d04afbbcb43a26f337ab0e7e77b5a3c1
      https://github.com/mantisbt/mantisbt/commit/03f1c7b0d04afbbcb43a26f337ab0e7e77b5a3c1
  Author: Paul Richards <paul@...>
  Date:   2011-09-04 (Sun, 04 Sep 2011)

  Changed paths:
    M config_defaults_inc.php

  Log Message:
  -----------
  Using just script_name is OK, but it's feasible that SCRIPT_NAME isn't set - this is more common in (badly
configured?) nginx servers

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better 
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 13:16

[mantisbt-commits] [mantisbt/mantisbt] 338208: Allow more control over the excel api's output

  Branch: refs/heads/master-1.2.x
  Home:   https://github.com/mantisbt/mantisbt

  Commit: 338208c5fe79d863919eff54366c13aa52af0c21
      https://github.com/mantisbt/mantisbt/commit/338208c5fe79d863919eff54366c13aa52af0c21
  Author: Robert Munteanu <robert.munteanu@...>
  Date:   2011-09-04 (Sun, 04 Sep 2011)

  Changed paths:
    M core/excel_api.php

  Log Message:
  -----------
  Allow more control over the excel api's output

The following changes have been made:

- allow declaration of Spreadsheet styles to control the appearance of
  rows and cells
- allow setting of attributes on individual cells

The actual output of the excel export is unchanged.

The API changes are completely backwards compatible.

Fixes #13290: Allow more control over excel export format

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
(Continue reading)

Permalink | Reply | 0 comments |
headers
noreply | 4 Sep 2011 13:17

[mantisbt-commits] [mantisbt/mantisbt] 887d9e: Allow more control over the excel api's output

  Branch: refs/heads/master
  Home:   https://github.com/mantisbt/mantisbt

  Commit: 887d9e500fbbb03311169e832158a3b854ca0a68
      https://github.com/mantisbt/mantisbt/commit/887d9e500fbbb03311169e832158a3b854ca0a68
  Author: Robert Munteanu <robert.munteanu@...>
  Date:   2011-09-04 (Sun, 04 Sep 2011)

  Changed paths:
    M core/excel_api.php

  Log Message:
  -----------
  Allow more control over the excel api's output

The following changes have been made:

- allow declaration of Spreadsheet styles to control the appearance of
  rows and cells
- allow setting of attributes on individual cells

The actual output of the excel export is unchanged.

The API changes are completely backwards compatible.

Fixes #13290: Allow more control over excel export format

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
(Continue reading)

Permalink | Reply | 0 comments |

Gmane