Changelog for mantisbt-1.3.20-1.39.noarch.rpm :

* Sun Sep 29 2019 Andreas Stieger - MantisBT 1.3.20:
* CVE-2019-15715: Command execution / injection vulnerability
* SOAP API return value did not match definition in WSDL
* Update ADOdb to 5.20.14 for security and compatibility fixes
* Remove usage of deprecated function __autoload
* Update to PHPMailer 5.2.27
* Fri Sep 14 2018 astiegerAATTsuse.com - MantisBT 1.3.16:
* CVE-2018-14895: XSS in bug_actiongroup.php
* Tue May 15 2018 astiegerAATTsuse.com - MantisBT 1.3.15:
* CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality
* Thu Feb 08 2018 astiegerAATTsuse.com - MantisBT 1.3.14:
* CVE-2018-6403: XSS in adm_config_report.php 'value' parameter
- includes changes from 1.3.13:
* mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user
* Mon Sep 04 2017 astiegerAATTsuse.com - MantisBT 1.3.12:
* CVE-2017-12061: XSS in /admin/install.php script; drop CVE-2017-12061.patch
* Improve doc and notifications when admin dir is present (CVE-2017-12419)
* Tue Aug 01 2017 astiegerAATTsuse.com - CVE-2017-12061: XSS in /admin/install.php script (bsc#1051697); add CVE-2017-12061.patch
* Mon May 22 2017 astiegerAATTsuse.com - MantisBT 1.3.11:
* CVE-2017-7620: CSRF - Arbitrary Permalink Injection
* CVE-2017-7620: Open redirection vulnerability in /login_page.php
* Use of 'mantis' as plugin table prefix prevents plugin's installation
* Mon Apr 17 2017 astiegerAATTsuse.com - MantisBT 1.3.10:
* CVE-2017-7615: Account verification page allows resetting any user's password (bsc#1034333)
- includes changes from 1.3.9:
* Installation on MSSQL fails at step 209
* CVE-2017-7241: XSS in move_attachments_page.php (bsc#1031807)
* CVE-2017-7309: XSS in adm_config_report.php (bsc#1031807)
* File upload to MS-SQL not working
- includes changes from 1.3.8:
* CVE-2017-6973: XSS in adm_config_report.php (bsc#1031807)
* Resolution changes in some cases when closing issues
- includes changes from 1.3.7:
* documentation fixes
* typo error for the email_receive_own parameter
* drop CVE-2017-6797.patch, now upstream
* Sat Mar 11 2017 astiegerAATTsuse.com - Fix CVE-2017-6797: XSS in bug status page; add CVE-2017-6797.patch
- Make the provided "mantis" resolvable a versioned one
* Mon Feb 20 2017 astiegerAATTsuse.com - MantisBT 1.3.6:
* security: Update .htaccess files to support Apache 2.4 new authz syntax
* security: Update PHPMailer to 5.2.22 boo#1020141 CVE-2017-5223
* Hide non-mysql experimental DB's for new installation
* Database log for postgres/oracle not showing parameter substitution
* Database log does not show boolean parameters correctly
* Update securimage to 3.6.5
* documentation updates
* printing fixes
 