CVE-2012-2691

NameCVE-2012-2691
DescriptionThe mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs676783

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mantissourcesqueeze(not affected)
mantissource(unstable)1.2.11-1676783

Notes

[squeeze] - mantis <not-affected> (according to maintainer)

Search for package or bug name: Reporting problems