Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla

2006-11-03 Thread Ben Hutchings
Upstream security advisory: http://www.bugzilla.org/security/2.18.5/ These are fixed in 2.22.1 which would be suitable for sid. There is no upstream fix for the 2.16 series, as used in sarge. I am looking at the upstream fix for the 2.18 series to see whether it is applicable or easily

Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla

2006-11-03 Thread Alexis Sukrieh
* Ben Hutchings ([EMAIL PROTECTED]) : Based on the advisory at http://www.bugzilla.org/security/2.18.5/ I would say that: [...] Ben, thanks a lot for your work regarding that issue. If you have an alioth account, feel free to ask Sean Finney to add you to the webapps-common team, so you can

Processed: Re: Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla

2006-11-03 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: tags 395094 + confirmed Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla Tags were: security Tags added: confirmed thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator

Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla

2006-11-03 Thread Alexis Sukrieh
tags 395094 + confirmed thanks * Ben Hutchings ([EMAIL PROTECTED]) : Upstream security advisory: http://www.bugzilla.org/security/2.18.5/ These are fixed in 2.22.1 which would be suitable for sid. I'm working on the packaging of that new upstream release. -- Alexis Sukrieh [EMAIL

Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla

2006-10-24 Thread Stefan Fritsch
Package: bugzilla Severity: grave Tags: security Several issues have been found in bugzilla: CVE-2006-5455: Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete