tags 395094 + confirmed
thanks
* Ben Hutchings ([EMAIL PROTECTED]) :
> Upstream security advisory: http://www.bugzilla.org/security/2.18.5/
>
> These are fixed in 2.22.1 which would be suitable for sid.
I'm working on the packaging of that new upstream release.
--
Alexis Sukrieh <[EMAIL PROTE
* Ben Hutchings ([EMAIL PROTECTED]) :
> Based on the advisory at http://www.bugzilla.org/security/2.18.5/ I
> would say that:
[...]
Ben, thanks a lot for your work regarding that issue.
If you have an alioth account, feel free to ask Sean Finney to add you
to the webapps-common team, so you can co
Upstream security advisory: http://www.bugzilla.org/security/2.18.5/
These are fixed in 2.22.1 which would be suitable for sid.
There is no upstream fix for the 2.16 series, as used in sarge. I am
looking at the upstream fix for the 2.18 series to see whether it is
applicable or easily adaptable
Package: bugzilla
Severity: grave
Tags: security
Several issues have been found in bugzilla:
CVE-2006-5455:
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in
Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted
remote attackers to create, modify, or delete arbi