FreeBSD Ports: mantis

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades. http://www.openwall.com/lists/oss-security/2012/06/09/1 http://sourceforge.net/mailarchive/forum.php?thread_name=1339229952.28538.22%40d.hx.id.au&forum_name=mantisbt-dev http://www.vuxml.org/freebsd/55587adb-b49d-11e1-8df1-0004aca374af.html
Insight
The following package is affected: mantis CVE-2012-2691 The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request. CVE-2012-2692 MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.