authorskv <skv@FreeBSD.org>2010-02-02 00:45:21 +0800
committerskv <skv@FreeBSD.org>2010-02-02 00:45:21 +0800
commit2106b62d1e00860c93a6a7d6402c9f339a72d8b8 (patch)
treeff226095e9394c908faeae106cfd2583ed0d3a5b /security
parent7922affb46f7000c347462ea6fa9a0a3220d8e15 (diff)
Document "bugzilla" - information leak.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 01a64bf408ea..b73bd29c4167 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="696053c6-0f50-11df-a628-001517351c22">
+ <topic>bugzilla -- information leak</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <range><gt>3.3.1</gt><lt>3.4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Bugzilla Security Advisory reports:</p>
+ <blockquote cite="http://www.bugzilla.org/security/3.0.10/">
+ <p>When moving a bug from one product to another, an intermediate
+ page is displayed letting you select the groups the bug should
+ be restricted to in the new product. However, a regression in
+ the 3.4.x series made it ignore all groups which are not
+ available in both products. As a workaround, you had to move
+ the bug to the new product first and then restrict it to the
+ desired groups, in two distinct steps, which could make the bug
+ temporarily public.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3387</cvename>
+ <url>http://www.bugzilla.org/security/3.0.10/</url>
+ </references>
+ <dates>
+ <discovery>2010-01-31</discovery>
+ <entry>2010-02-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="192609c8-0c51-11df-82a0-00248c9b4be7">
<topic>irc-ratbox -- multiple vulnerabilities</topic>
<affects>
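Review bot: The lower bound in `<range><gt>3.3.1</gt><lt>3.4.5</lt></range>` is exclusive, so an installed bugzilla 3.3.1 is not matched by this entry. The quoted advisory text only says the regression is in the 3.4.x series, so the first affected release cannot be confirmed from this hunk. If the advisory lists 3.3.1 as the first affected version, as the choice of that number suggests, the bound should be inclusive: `<range><ge>3.3.1</ge><lt>3.4.5</lt></range>`. It is worth confirming against the advisory referenced in `<url>`, since a version that falls outside the range is silently reported as unaffected.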