This bug was fixed in the package bugzilla - 3.0.4.1-2ubuntu1.1
---------------
bugzilla (3.0.4.1-2ubuntu1.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
    Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
    is enabled, allows remote attackers to read arbitrary files via an
    XML file with a .. (dot dot) in the data element. (LP: #281915)
    - debian/maintenance/33_CVE-2008-4437.sh: upstream patch with regex
      to remove any leading path data from the filename.
    - CVE-2008-4437

 -- Stefan Lesicnik <[email protected]>  Mon, 13 Oct 2008 11:52:24 +0200

** Changed in: bugzilla (Ubuntu Intrepid)
Status: Fix Committed => Fix Released
** Changed in: bugzilla (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
--
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to
read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915