Victor Boctor
2015-02-02 17:02:06 UTC
MantisBT 1.2.19 Security Release
================================
MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from here ( http://www.mantisbt.org/ ).
This release resolves 5 security issues:
- #17938/CVE-2014-9571: XSS in install.php
- #17939/CVE-2014-9572: Improper Access Control in install.php
- #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
- #17984/CVE-2014-9624: CAPTCHA bypass
- #17997/CVE-2015-1042: URL redirection issue
We would like to thank High Tech Bridge Research Lab, Alejo Popovici and Florent Daignière from Matta Consulting for reporting these issues, and their cooperation in resolving them.
This release also addresses 2 regression issues introduced in 1.2.18:
- #17993 prevents new users from signing up on systems using CAPTCHA.
- #17967 causes a PHP error when reporting issues on systems with checkbox custom fields.
Please refer to the changelog [1] on the MantisBT web site for complete details on each of these issues.
[1] https://www.mantisbt.org/bugs/changelog_page.php?version_id=238