* Joey Hess ([EMAIL PROTECTED]) said:
> Note that this hole has been assigned two CVE IDs:
> 
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 
> allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a 
> different

Thanks to upstream collaboration, we now have a working patch for
closing this security issue in the 2.16 branch (the first patch was not
ok for 2.16[1]).

I backported the full patch from 2.16.10 to our sarge package (2.16.7).
It works pretty well on my sarge box.

The package source is available on my repository:

    deb-src http://www.sukria.net/debian ./

I don't know what the best thing to do here is, as this is an update of
the 2.16 package (which is in testing) and our sid package is 2.18...

Maybe a t-p-u?

Cheers.

1: https://bugzilla.mozilla.org/show_bug.cgi?id=294655

-- 
                                  Alexis Sukrieh <[EMAIL PROTECTED]>
                                               http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.
