Updated advisories

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1261 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Aug 19, 2002 · 290d248 · 290d248
1 parent f6be1aa
commit 290d248
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 31 deletions.
diff --git a/advisories/2002/2002-01.txt b/advisories/2002/2002-01.txt
@@ -36,8 +36,8 @@ installation, can make himself (m/f) an administrator of that Mantis
 installation. This particular vulnerability has been fixed in version
 0.17.3.
 
-Other vulnerabilities may exist, which are caused by the same lack of input
-checking.
+Note: Other vulnerabilities, caused by the same lack of input checking, may
+exist!
 
   3. Affected versions
 
@@ -52,7 +52,7 @@ The following versions are known to be unaffected:
 The following versions are presumed to be affected:
   All versions below Mantis 0.17.2
 
-* = But read the comments in section 2.
+* = But read the note in section 2.
 
   4. Workaround / Solution
 
@@ -72,7 +72,7 @@ take a few weeks.
 If an upgrade is not possible, Mantis 0.17.2 (and possibly lower) can be
 patched to secure the exploitable query:
 
-  In account_update.php, insert the following lines somewhere in a PHP block
+  In account_update.php, insert the following lines somewhere in a PHP block 
   before the SQL queries are executed:
     $f_username = addslashes($f_username);
     $f_email = addslashes($f_email);
@@ -100,7 +100,7 @@ For example:
         SET username='someusername', email='user@server', access_level=90, email=''
         WHERE id='$f_id'
   - This set the access_level column to a value of 90, the internal value
-    for Administrator.
+for Administrator.
 
   6. Contact details
 

diff --git a/advisories/2002/2002-02.txt b/advisories/2002/2002-02.txt
@@ -15,12 +15,6 @@ Mantis is an Open Source web-based bugtracking system, written in PHP, which
 uses the MySQL database server. It is being actively developed by a small
 group of developers, and is considered to be in the beta stage.
 
-In response to the increased number of users and to the increasing number of
-discovered security vulnerabilities, the Mantis team has decided to start
-releasing advisories for all vulnerabilities in versions higher than 0.17.0.
-This is the second in a series of advisories which cover the previously
-discovered vulnerabilities in greater detail.
-
   2. Summary / Impact analysis
 
 It is possible to instruct Mantis to show reporters only the bugs that they

diff --git a/advisories/2002/2002-03.txt b/advisories/2002/2002-03.txt
@@ -1,5 +1,5 @@
 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed
-                          through cookie manipulation
+through cookie manipulation
 
   0. Table of Contents
 
@@ -16,12 +16,6 @@ Mantis is an Open Source web-based bugtracking system, written in PHP, which
 uses the MySQL database server. It is being actively developed by a small
 group of developers, and is considered to be in the beta stage.
 
-In response to the increased number of users and to the increasing number of
-discovered security vulnerabilities, the Mantis team has decided to start
-releasing advisories for all vulnerabilities in versions higher than 0.17.0.
-This is the third in a series of advisories which cover the previously
-discovered vulnerabilities in greater detail.
-
   2. Summary / Impact analysis
 
 In Mantis a user can select a project from a drop-down menu. After

diff --git a/advisories/2002/2002-04.txt b/advisories/2002/2002-04.txt
@@ -16,12 +16,6 @@ Mantis is an Open Source web-based bugtracking system, written in PHP, which
 uses the MySQL database server. It is being actively developed by a small
 group of developers, and is considered to be in the beta stage.
 
-In response to the increased number of users and to the increasing number of
-discovered security vulnerabilities, the Mantis team has decided to start
-releasing advisories for all vulnerabilities in versions higher than 0.17.0.
-This is the fourth in a series of advisories which cover the previously
-discovered vulnerabilities in greater detail.
-
   2. Summary / Impact analysis
 
 Mantis includes code which cooperates with JpGraph to generate some

diff --git a/advisories/2002/2002-05.txt b/advisories/2002/2002-05.txt
@@ -1,5 +1,5 @@
 [Mantis Advisory/2002-05] Arbitrary code execution and file reading
-                          vulnerability in Mantis
+vulnerability in Mantis
 
   0. Table of Contents
 
@@ -19,12 +19,6 @@ Mantis is an Open Source web-based bugtracking system, written in PHP, which
 uses the MySQL database server. It is being actively developed by a small
 group of developers, and is considered to be in the beta stage.
 
-In response to the increased number of users and to the increasing number of
-discovered security vulnerabilities, the Mantis team has decided to start
-releasing advisories for all vulnerabilities in versions higher than 0.17.0.
-This is the fourth in a series of advisories which cover the previously
-discovered vulnerabilities in greater detail.
-
   2. Summary / Impact analysis
 
 Mantis allows the user to configure a file to be included at the top or