Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219720 Summary: CVE-2006-6515: mantis bug reminder threshold issue Product: Fedora Extras Version: fc4 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: mantis AssignedTo: giallu@xxxxxxxxx ReportedBy: ville.skytta@xxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: extras-qa@xxxxxxxxxxxxxxxxx,fedora-security- list@xxxxxxxxxx http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6515 "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders." The CVE entry says 1.0.6 is vulnerable, however it looks to me as if it's not, see the change in revision 1.283.2.1.2.1.2.1.2.2.2.11 at http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/config_defaults_inc.php?view=log FC-3 and FC-4 appear to be vulnerable. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
