Package: bugzilla
Severity: important
Tags: security, sid
This issue affects only the Bugzilla version in sid:
Issue 2
-------
Class: User Password Embedded in URL
Versions: 2.17.1 through 2.18, 2.19.1, 2.19.2
Description: The user's password can be embedded as part of a report URL,
and thus visible in the web server logs, if the user is
prompted to log in while attempting to view a chart.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=287436
It's fixed in latest upstream version.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages bugzilla depends on:
pn apache | roxen2 | apache-ssl Not found.
ii debconf 1.4.30.13 Debian configuration management sy
ii exim4-daemon-light [mail-tran 4.50-4 lightweight exim MTA (v4) daemon
ii libdbd-mysql-perl 2.9006-1 A Perl5 database interface to the
ii libtimedate-perl 1.1600-4 Time and date functions for Perl
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
