* Joey Hess ([EMAIL PROTECTED]) said:
> Note that this hole has been assigned two CVE IDs:
> 
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different
> 
> I don't quite understand the previous message from Alexis Sukrieh about
> needing to wait for some kind of web app policy before fixing these
> security holes. The above two CANs affect sarge and need to be fixed.

You are perfectly right. I just wasn't aware of the fact that those
security issues did affect sarge, I was focused on the unstable 2.18
package, my fault.

Be sure that providing a safe package for sarge is my top priority by
now.

Thanks a lot for the report Joey.


-- 
                                  Alexis Sukrieh <[EMAIL PROTECTED]>
                                               http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.
