Package: bugzilla Severity: important Tags: security, sid This issue affects only the Bugzilla version in sid:
Issue 2 ------- Class: User Password Embedded in URL Versions: 2.17.1 through 2.18, 2.19.1, 2.19.2 Description: The user's password can be embedded as part of a report URL, and thus visible in the web server logs, if the user is prompted to log in while attempting to view a chart. Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=287436 It's fixed in latest upstream version. Cheers, Moritz -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.29-vs1.2.10 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages bugzilla depends on: pn apache | roxen2 | apache-ssl Not found. ii debconf 1.4.30.13 Debian configuration management sy ii exim4-daemon-light [mail-tran 4.50-4 lightweight exim MTA (v4) daemon ii libdbd-mysql-perl 2.9006-1 A Perl5 database interface to the ii libtimedate-perl 1.1600-4 Time and date functions for Perl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]