Mantis Manual
Security
Last Modified: August 11, 2003 00:08AM
Description

We do not claim to be security experts; however, we do our best to fix security issues as soon as possible and to provide patch releases, or patches for already existing releases. To inform us about security issues, please use the following channels:

  • Report the issue in the bug tracker as a PRIVATE bug. This keeps the report from being visible to others before the team members have fixed it and provided a patch.
  • Report the issue via the security mailing list. This list is private, and only project administrators are subscribed to it.

Contents
  1. Issues with no security advisories
  2. 2002-01 SQL poisoning vulnerability in Mantis
  3. 2002-02 Limiting output to reporters can be bypassed
  4. 2002-03 Bug listings of private projects can be viewed
  5. 2002-04 Arbitrary code execution vulnerability in Mantis
  6. 2002-05 Arbitrary code execution and file reading
  7. 2002-06 Private bugs accessible in Mantis
  8. 2002-07 Bugs in private projects listed on 'View Bugs'
  9. 2004-01 Various vulnerabilities in Mantis

Last updated: Wed, 20 Aug 2008 - 11:01:45
