Upstream security advisory: http://www.bugzilla.org/security/2.18.5/
These are fixed in 2.22.1 which would be suitable for sid.
There is no upstream fix for the 2.16 series, as used in sarge. I am
looking at the upstream fix for the 2.18 series to see whether it is
applicable or easily
* Ben Hutchings ([EMAIL PROTECTED]) :
Based on the advisory at http://www.bugzilla.org/security/2.18.5/ I
would say that:
[...]
Ben, thanks a lot for your work regarding that issue.
If you have an alioth account, feel free to ask Sean Finney to add you
to the webapps-common team, so you can
Processing commands for [EMAIL PROTECTED]:
tags 395094 + confirmed
Bug#395094: CVE-2006-545[3-5]: Multiple security issues in bugzilla
Tags were: security
Tags added: confirmed
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
tags 395094 + confirmed
thanks
* Ben Hutchings ([EMAIL PROTECTED]) :
Upstream security advisory: http://www.bugzilla.org/security/2.18.5/
These are fixed in 2.22.1 which would be suitable for sid.
I'm working on the packaging of that new upstream release.
--
Alexis Sukrieh [EMAIL
Package: bugzilla
Severity: grave
Tags: security
Several issues have been found in bugzilla:
CVE-2006-5455:
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in
Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted
remote attackers to create, modify, or delete