[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

This bug was fixed in the package bugzilla - 2.22.1-2.2ubuntu1.8.04.1 --- bugzilla (2.22.1-2.2ubuntu1.8.04.1) hardy-security; urgency=low * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

This bug was fixed in the package bugzilla - 2.22.1-2.2ubuntu1.7.10.1 --- bugzilla (2.22.1-2.2ubuntu1.7.10.1) gutsy-security; urgency=low * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

This bug was fixed in the package bugzilla - 3.0.4.1-2ubuntu1.1 --- bugzilla (3.0.4.1-2ubuntu1.1) intrepid-security; urgency=low * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enable

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

3.2 has this fixed in Jaunty. ** Changed in: bugzilla (Ubuntu) Status: In Progress => Fix Released -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notificat

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Thanks for preparing these, they are building in the security queue now and should be published shortly. ** Changed in: bugzilla (Ubuntu Gutsy) Status: In Progress => Fix Committed ** Changed in: bugzilla (Ubuntu Gutsy) Importance: Undecided => Medium ** Changed in: bugzilla (Ubuntu Ha

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Debian should have fixed this by including 3.0.5.0-1, mind preparing a debdiff against it? -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notification because you

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4437 -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notification because you are a member of

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** Changed in: bugzilla (Ubuntu Hardy) Assignee: (unassigned) => Stefan Lesicnik (stefanlsd) ** Changed in: bugzilla (Ubuntu Gutsy) Assignee: (unassigned) => Stefan Lesicnik (stefanlsd) -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary fi

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** Changed in: bugzilla (Ubuntu Hardy) Status: New => In Progress ** Changed in: bugzilla (Ubuntu Dapper) Status: New => Invalid ** Changed in: bugzilla (Ubuntu Gutsy) Status: New => In Progress -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** Changed in: bugzilla (Debian) Status: New => Fix Released -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notification because you are a member of Ubuntu

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Dapper is not affected. -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ub

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Bugzilla 3 now builds correctly in Intrepid and attached is the CVE patch. ** Attachment added: "intrepid-debdiff1" http://launchpadlibrarian.net/18495429/intrepid-debdiff1 -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** Changed in: bugzilla (Debian) Status: Unknown => New -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** Bug watch added: Debian Bug tracker #502019 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502019 ** Also affects: bugzilla (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502019 Importance: Unknown Status: Unknown -- [CVE-2008-4437] - Directory traversal vulne

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Waiting for fix to bugzilla3 in Intrepid before applying CVE. https://launchpad.net/bugs/280641 -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notification because

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Debdiff Hardy ** Attachment added: "hardy-debdiff" http://launchpadlibrarian.net/18448639/hardy-debdiff -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notifica

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Debdiff Gutsy ** Attachment added: "gutsy-debdiff" http://launchpadlibrarian.net/18448630/gutsy-debdiff -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received this bug notifica

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

The patch is released by upstream and is a simple sanity check with regex to remove leading '/' from an open(). It was built and tested that the patch applies succesfully. https://bugzilla.mozilla.org/show_bug.cgi?id=437169 are details and the patch. -- [CVE-2008-4437] - Directory traversal vuln

[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

** Changed in: bugzilla (Ubuntu) Assignee: (unassigned) => Stefan Lesicnik (stefanlsd) Status: New => In Progress -- [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file https://bugs.launchpad.net/bugs/281915 You received