This bug was fixed in the package bugzilla - 2.22.1-2.2ubuntu1.8.04.1
---
bugzilla (2.22.1-2.2ubuntu1.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
This bug was fixed in the package bugzilla - 2.22.1-2.2ubuntu1.7.10.1
---
bugzilla (2.22.1-2.2ubuntu1.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
This bug was fixed in the package bugzilla - 3.0.4.1-2ubuntu1.1
---
bugzilla (3.0.4.1-2ubuntu1.1) intrepid-security; urgency=low
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enable
3.2 has this fixed in Jaunty.
** Changed in: bugzilla (Ubuntu)
Status: In Progress => Fix Released
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notificat
Thanks for preparing these, they are building in the security queue now
and should be published shortly.
** Changed in: bugzilla (Ubuntu Gutsy)
Status: In Progress => Fix Committed
** Changed in: bugzilla (Ubuntu Gutsy)
Importance: Undecided => Medium
** Changed in: bugzilla (Ubuntu Ha
Debian should have fixed this by including 3.0.5.0-1, mind preparing a
debdiff against it?
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because you
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4437
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because you are a member of
** Changed in: bugzilla (Ubuntu Hardy)
Assignee: (unassigned) => Stefan Lesicnik (stefanlsd)
** Changed in: bugzilla (Ubuntu Gutsy)
Assignee: (unassigned) => Stefan Lesicnik (stefanlsd)
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary fi
** Changed in: bugzilla (Ubuntu Hardy)
Status: New => In Progress
** Changed in: bugzilla (Ubuntu Dapper)
Status: New => Invalid
** Changed in: bugzilla (Ubuntu Gutsy)
Status: New => In Progress
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers
** Changed in: bugzilla (Debian)
Status: New => Fix Released
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because you are a member of Ubuntu
Dapper is not affected.
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ub
Bugzilla 3 now builds correctly in Intrepid and attached is the CVE
patch.
** Attachment added: "intrepid-debdiff1"
http://launchpadlibrarian.net/18495429/intrepid-debdiff1
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
** Changed in: bugzilla (Debian)
Status: Unknown => New
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because you are a member of Ubuntu
Bugs,
** Bug watch added: Debian Bug tracker #502019
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502019
** Also affects: bugzilla (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502019
Importance: Unknown
Status: Unknown
--
[CVE-2008-4437] - Directory traversal vulne
Waiting for fix to bugzilla3 in Intrepid before applying CVE.
https://launchpad.net/bugs/280641
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because
Debdiff Hardy
** Attachment added: "hardy-debdiff"
http://launchpadlibrarian.net/18448639/hardy-debdiff
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notifica
Debdiff Gutsy
** Attachment added: "gutsy-debdiff"
http://launchpadlibrarian.net/18448630/gutsy-debdiff
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notifica
The patch is released by upstream and is a simple sanity check with
regex to remove leading '/' from an open(). It was built and tested that
the patch applies succesfully.
https://bugzilla.mozilla.org/show_bug.cgi?id=437169 are details and the
patch.
--
[CVE-2008-4437] - Directory traversal vuln
** Changed in: bugzilla (Ubuntu)
Assignee: (unassigned) => Stefan Lesicnik (stefanlsd)
Status: New => In Progress
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received
19 matches
Mail list logo