
FreeBSD: VID-2dc8927b-54e0-11eb-9342-1c697a013f4b (CVE-2020-35849): mantis -- multiple vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Mar 10, 2021
Added: Mar 11, 2021
Modified: Dec 10, 2025

Description

Mantis 2.24.4 release reports: Security and maintenance release, addressing 6 CVEs:

0027726: CVE-2020-29603: disclosure of private project name
0027727: CVE-2020-29605: disclosure of private issue summary
0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments
0027361: Private category can be access/used by a non member of a private project (IDOR)
0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls
0026794: User Account - Takeover
0027363: Fixed in version can be changed to a version that doesn't exist
0027350: When updating an issue, a Viewer user can be set as Reporter
0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
0027495: CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function through the API SOAP.
0027444: Printing unsanitized user input in install.php

Solutions

freebsd-upgrade-package-mantis-php72
freebsd-upgrade-package-mantis-php73
freebsd-upgrade-package-mantis-php74
freebsd-upgrade-package-mantis-php80