diff options
author | skv <skv@FreeBSD.org> | 2010-02-02 00:45:21 +0800 |
---|---|---|
committer | skv <skv@FreeBSD.org> | 2010-02-02 00:45:21 +0800 |
commit | 2106b62d1e00860c93a6a7d6402c9f339a72d8b8 (patch) | |
tree | ff226095e9394c908faeae106cfd2583ed0d3a5b /security | |
parent | 7922affb46f7000c347462ea6fa9a0a3220d8e15 (diff) | |
download | freebsd-ports-gnome-2106b62d1e00860c93a6a7d6402c9f339a72d8b8.tar.gz freebsd-ports-gnome-2106b62d1e00860c93a6a7d6402c9f339a72d8b8.tar.zst freebsd-ports-gnome-2106b62d1e00860c93a6a7d6402c9f339a72d8b8.zip |
Document "bugzilla" - information leak.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 01a64bf408ea..b73bd29c4167 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="696053c6-0f50-11df-a628-001517351c22"> + <topic>bugzilla -- information leak</topic> + <affects> + <package> + <name>bugzilla</name> + <range><gt>3.3.1</gt><lt>3.4.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Bugzilla Security Advisory reports:</p> + <blockquote cite="http://www.bugzilla.org/security/3.0.10/"> + <p>When moving a bug from one product to another, an intermediate + page is displayed letting you select the groups the bug should + be restricted to in the new product. However, a regression in + the 3.4.x series made it ignore all groups which are not + available in both products. As a workaround, you had to move + the bug to the new product first and then restrict it to the + desired groups, in two distinct steps, which could make the bug + temporarily public.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3387</cvename> + <url>http://www.bugzilla.org/security/3.0.10/</url> + </references> + <dates> + <discovery>2010-01-31</discovery> + <entry>2010-02-01</entry> + </dates> + </vuln> + <vuln vid="192609c8-0c51-11df-82a0-00248c9b4be7"> <topic>irc-ratbox -- multiple vulnerabilities</topic> <affects> |