Candidate: CVE-2014-9117
PublicDate: 2014-12-06 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9117
 http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
 https://www.mantisbt.org/bugs/view.php?id=17811
Description:
 MantisBT before 1.2.18 uses the public_key parameter value as the key to
 the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA
 protection mechanism by leveraging knowledge of a CAPTCHA answer for a
 public_key parameter value, as demonstrated by E4652 for the public_key
 value 0.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Alejo Popovici
Assigned-to:
CVSS:

Patches_mantis:
 upstream: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
upstream_mantis: needed
lucid_mantis: ignored (reached end-of-life)
precise_mantis: ignored (reached end-of-life)
precise/esm_mantis: DNE (precise was needed)
trusty_mantis: DNE
trusty/esm_mantis: DNE
utopic_mantis: DNE
vivid_mantis: DNE
vivid/stable-phone-overlay_mantis: DNE
vivid/ubuntu-core_mantis: DNE
wily_mantis: DNE
xenial_mantis: DNE
yakkety_mantis: DNE
zesty_mantis: DNE
devel_mantis: DNE