Note this this hole has been assigned two CVE IDs: CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different
I don't quite understand the previous message from Alexis Sukrieh about needing to wait for some kind of web app policy before fixing these security holes. The above two CANs affect sarge and need to be fixed. -- see shy jo
signature.asc
Description: Digital signature