From: GitHub <no...@gi...> - 2014-01-24 23:52:12

Branch: refs/heads/master-1.2.x
Home: https://github.com/mantisbt/mantisbt

Commit: 00b4c17088fa56594d85fe46b6c6057bb3421102
https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
Author: Paul Richards <pa...@ma...>
Date: 2014-01-24 (Fri, 24 Jan 2014)

Changed paths:
M api/soap/mc_file_api.php

Log Message:
-----------
Fix CVE-2014-1608: mc_issue_attachment_get SQL injection

Use of db_query() instead of db_query_bound() allowed SQL injection attacks due to unsanitized use of parameters within the query when using the SOAP API mc_issue_attachment_get.

This issue was reported by e-mail by Andrea Barisani from oCERT, on behalf of Martin Herfurt <mar...@nr...>, a security researcher at n.runs professionals GmbH, who discovered the issue during an audit at a customer's site.

Fixes #16879

Signed-off-by: Damien Regad <dr...@ma...>

Conflicts:
api/soap/mc_file_api.php

Commit: 7efe0175f0853e18ebfacedfd2374c4179028b3f
https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
Author: Paul Richards <pa...@ma...>
Date: 2014-01-24 (Fri, 24 Jan 2014)

Changed paths:
M admin/db_stats.php
M api/soap/mc_project_api.php
M core/news_api.php
M core/summary_api.php
M plugins/MantisGraph/core/graph_api.php
M plugins/MantisGraph/pages/bug_graph_bycategory.php
M plugins/MantisGraph/pages/bug_graph_bystatus.php
M proj_doc_page.php

Log Message:
-----------
Fix CVE-2014-1609: SQL injection vulnerabilities

Additional cases of db_query() instead of db_query_bound() usage, potentially allowing SQL injection attacks due to unsanitized use of parameters within the query.

This includes vboctor's 2 comments.

Fixes #16880

Signed-off-by: Damien Regad <dr...@ma...>

Conflicts:
admin/db_stats.php
plugins/MantisGraph/pages/bug_graph_bycategory.php
plugins/MantisGraph/pages/bug_graph_bystatus.php
proj_doc_page.php

Compare: https://github.com/mantisbt/mantisbt/compare/b72fdaeb7cb8...7efe0175f085
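Both commit messages describe the same defect class: a caller-supplied value concatenated into the SQL text passed to db_query(), where a parameter-binding call (db_query_bound()) was needed. The PHP below is an added illustration of that pattern and its fix; it is not MantisBT code and does not reproduce MantisBT's database API. It assumes PDO with the SQLite driver and an in-memory database, and the table, rows and helper names are constructed for the example.

```php
<?php
// Added example (not from MantisBT): query built by string interpolation
// versus the same query with a bound parameter.
// Assumes PDO with the pdo_sqlite driver; everything below is constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bug_file (id INTEGER PRIMARY KEY, bug_id INTEGER, filename TEXT)');
$db->exec("INSERT INTO bug_file VALUES (1, 100, 'report.txt'), (2, 200, 'internal.pdf')");

// Defective pattern (the db_query() cases the commits replace): the caller's
// value becomes part of the SQL text, so the database parser interprets it.
function attachment_filenames_unsafe(PDO $db, string $id): array {
    $sql = "SELECT filename FROM bug_file WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected pattern (what switching to db_query_bound() achieves): the value
// is sent as a bound parameter and is never parsed as SQL.
function attachment_filenames_bound(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT filename FROM bug_file WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input that is not a valid attachment id.
$input = '1 OR 1=1';

var_dump(attachment_filenames_unsafe($db, $input));
var_dump(attachment_filenames_bound($db, $input));
```

In the first helper the input rewrites the WHERE clause, so the query no longer expresses what the code intended; in the second it is compared as an opaque value and cannot change the statement's structure. Binding is the fix the commits apply, and it is independent of any input validation (such as casting the id to an integer) that a caller may add on top.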