bugzilla 2.22.1-2.2ubuntu1.7.10.1 source package in Ubuntu
Changelog
bugzilla (2.22.1-2.2ubuntu1.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437
-- Stefan Lesicnik <email address hidden> Sat, 11 Oct 2008 21:56:21 +0200
Upload details
- Uploaded by:
- Stefan Lesicnik
- Sponsored by:
- Kees Cook
- Uploaded to:
- Gutsy
- Original maintainer:
- MOTU
- Architectures:
- all
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| bugzilla_2.22.1.orig.tar.gz | 1.8 MiB | 9293f96ab75bda9583a247c8af768e77e77242d3c724c18a96dee4557e84e61a |
| bugzilla_2.22.1-2.2ubuntu1.7.10.1.diff.gz | 68.1 KiB | d84cbc4a87e38fd986f1d3f49917de8e163a326f2bac6fea57d7e88d486d6cf4 |
| bugzilla_2.22.1-2.2ubuntu1.7.10.1.dsc | 925 bytes | 3b55877b7f41754967c56091c0e4dec88235f3a7d4d195e48603a09e146a95dc |
Available diffs
Binary packages built by this source
- bugzilla: No summary available for bugzilla in ubuntu gutsy.
No description available for bugzilla in ubuntu gutsy.
- bugzilla-doc: No summary available for bugzilla-doc in ubuntu gutsy.
No description available for bugzilla-doc in ubuntu gutsy.
