bugzilla 3.6.2.0-4.5 source package in Debian

Changelog

bugzilla (3.6.2.0-4.5) stable; urgency=low


  * Non-maintainer upload.
  * Add security patches:
    - 87_cve-2011-3657.sh
      Tabular and graphical reports, as well as new charts have
      a debug mode which displays raw data as plain text. This
      text is not correctly escaped and a crafted URL could
      use this vulnerability to inject code leading to XSS.
    - 88_cve-2011-3667.sh
      The User.offer_account_by_email WebService method ignores
      the user_can_create_account setting of the authentication
      method and generates an email with a token in it which the
      user can use to create an account. Depending on the
      authentication method being active, this could allow the
      user to log in using this account.
      Installations where the createemailregexp parameter is
      empty are not vulnerable to this issue.

 -- Jonathan Wiltshire <email address hidden>  Sat, 07 Jan 2012 14:16:43 +0000

Upload details

Uploaded by: Raphael Bossek
Uploaded to: Squeeze
Original maintainer: Raphael Bossek
Architectures: all
Section: web
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
bugzilla_3.6.2.0-4.5.dsc 1.8 KiB d7bc9429d82706246a4936a2602193663710f29860b7caeea7047d2a8fac9ac1
bugzilla_3.6.2.0.orig.tar.gz 4.2 MiB 3f31675b546f76eab611c37ceaa7462ab0fb207f7edd6b2820c6b56f598f37f2
bugzilla_3.6.2.0-4.5.debian.tar.gz 109.4 KiB c07c6c335d43268ce63aeb2bad84496b7054723f308a834c1316295b66588d8a

No changes file available.

Binary packages built by this source