Package: bugzilla
Severity: normal
Tags: woody security sarge sid

A minor information leak in Bugzilla's product handling code affects Woody,
Sarge and sid:

Issue 1
-------
Class:       Information Leak
Versions:    2.10 through 2.18, 2.19.1, 2.19.2
Description: If a user correctly guesses the name of a product that
             should be invisible to them, they will be specifically
             informed that they do not have access to it, thus letting
             them know that the product exists.
             Also, users can enter bugs into products that are closed for 
             bug entry, if they correctly guess the name of the product.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=287109

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages bugzilla depends on:
pn  apache | roxen2 | apache-ssl             Not found.
ii  debconf                       1.4.30.13  Debian configuration management sy
ii  exim4-daemon-light [mail-tran 4.50-4     lightweight exim MTA (v4) daemon
ii  libdbd-mysql-perl             2.9006-1   A Perl5 database interface to the 
ii  libtimedate-perl              1.1600-4   Time and date functions for Perl
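
The two flaws in Issue 1, as an added Python sketch that is not part of the original report and is not Bugzilla's code. The product table, group names, messages and function names are all constructed for illustration; the hardened handler returns one answer for "hidden" and "nonexistent" and enforces the closed-for-entry flag.

```python
# Simplified model of the two flaws in Issue 1; not Bugzilla's code.
# Product names, groups and messages below are constructed for illustration.
PRODUCTS = {
    "PublicApp":     {"group": None,       "open": True},
    "SecretProject": {"group": "insiders", "open": True},
    "LegacyApp":     {"group": None,       "open": False},  # closed for bug entry
}
GENERIC = "error: product does not exist or you cannot access it"
CLOSED = "error: product is closed for bug entry"
OK = "ok: bug entry form"


def can_see(user_groups, entry):
    """A product is visible if it is unrestricted or the user is in its group."""
    return entry["group"] is None or entry["group"] in user_groups


def enter_bug_leaky(user_groups, name):
    """Behaviour the report describes."""
    entry = PRODUCTS.get(name)
    if entry is None:
        return "error: product does not exist"
    if not can_see(user_groups, entry):
        # Distinct message confirms that a hidden product exists.
        return "error: you do not have access to this product"
    # Second flaw: the closed-for-entry flag is never checked for a named product.
    return OK


def enter_bug_hardened(user_groups, name):
    """One answer for 'missing' and 'hidden', plus the bug-entry check."""
    entry = PRODUCTS.get(name)
    if entry is None or not can_see(user_groups, entry):
        return GENERIC
    if not entry["open"]:
        return CLOSED
    return OK


def leaks_existence(handler, hidden_name, missing_name):
    """Regression check: True if an outsider can tell hidden from nonexistent."""
    return handler(set(), hidden_name) != handler(set(), missing_name)


if __name__ == "__main__":
    print(leaks_existence(enter_bug_leaky, "SecretProject", "NoSuchProduct"))
    print(leaks_existence(enter_bug_hardened, "SecretProject", "NoSuchProduct"))
    print(enter_bug_leaky(set(), "LegacyApp"), "|", enter_bug_hardened(set(), "LegacyApp"))
```
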

