Gentoo Linux Security Advisory GLSA 200803-04 - seiji reported that the filename for the uploaded file in bug_report.php is not properly sanitized before being stored. Versions less than 1.0.8-r1 are affected.
fc1f88306dd5d7317b57f028ab37f465bab899a7e7b199d046b769173404ae02
Debian Security Advisory 1467-1 - Several remote vulnerabilities have been discovered in Mantis, a web based bug tracking system.
5c21b545653a0c75eeef5cdb28cacb078351c72fb62b5ca6c32b8bafd8b9c61a