* Joey Hess ([EMAIL PROTECTED]) wrote:
> Note that this hole has been assigned two CVE IDs:
>
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2
> allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a
> different

Thanks to upstream collaboration, we now have a working patch for closing this security issue in the 2.16 branch (the first patch was not OK for 2.16[1]).

I backported the full patch from 2.16.10 to our sarge package (2.16.7). It works pretty well on my sarge box.

The package source is available in my repository:

  deb-src http://www.sukria.net/debian ./

I don't know what the best thing to do here is, as this is an update of the 2.16 package (which is in testing) and our sid package is 2.18... Maybe a t-p-u?

Cheers.

1: https://bugzilla.mozilla.org/show_bug.cgi?id=294655

--
Alexis Sukrieh <[EMAIL PROTECTED]> http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. »
Whatever is said in Latin sounds profound.