Multiple vulnerabilities have been discovered in Mantis, the most severe of which leading to the remote execution of arbitrary code.
|Package||www-apps/mantisbt on all architectures|
|Affected versions||< 1.1.4-r1|
|Unaffected versions||>= 1.1.4-r1|
Mantis is a PHP/MySQL/Web based bugtracking system.
Multiple issues have been reported in Mantis:
Remote unauthenticated attackers could exploit these vulnerabilities to execute arbitrary PHP commands, disclose sensitive issue data, or hijack a user's sessions.
There is no known workaround at this time.
All Mantis users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1"