Debian Security Advisory DSA 3120-1 (mantis - security update)

Summary
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.
Solution
For the stable distribution (wheezy), these problems have been fixed in version 1.2.18-1. We recommend that you upgrade your mantis packages.
Insight
Mantis is an issue tracker that is implemented in PHP. The main features include:
* Web Based
* Supports any platform that runs PHP
* Available in 68 localizations
* Customizable Issue Pages
* Multiple Projects per instance
* Support for Projects, Sub-Projects, and Categories.
* Users can have a different access level per project
* Changelog Support
* Roadmap
* User View Page
* Search and Filter
* Built-in Reporting (reports / graphs)
* Time Tracking
* Custom Fields
* Email notifications
* Users can monitor specific issues
* Attachments
* Issue Change History
* RSS Feeds
* Customizable issue workflow
* Sponsorships Support
* Export to csv, Microsoft Excel, Microsoft Word
* No limit on the number of users, issues, or projects.
* Public / Private Projects
* Public / Private Notes
* Public / Private Issues
* Public / Private News
* Issue Relationships
* Authentication
  + Default Mantis Authentication (recommended)
  + LDAP Integration
  + HTTP Basic Authentication Support
  + Active Directory Integration (patches available)
* Multi-DBMS Support (using ADODB)
  + MySQL
  + MS SQL
  + PostgreSQL
  + Oracle (experimental)
* Webservice (SOAP) interface
* and more
Affected
mantis on Debian Linux
Detection
This check tests the installed software version using the apt package manager.