~ubuntu-branches/debian/sid/bugzilla/sid

Viewing all changes in revision 29.

  • Committer: Bazaar Package Importer
  • Author(s): Raphael Bossek
  • Date: 2010-11-15 10:09:20 UTC
  • mfrom: (1.3.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20101115100920-o44coxhud8c7j15m
Tags: 3.6.3.0-1
* New upstream release. Closes: #602420
* Fixed vulnerability CVE-2010-3172:
  By inserting a certain string into a URL, it was possible
  to inject both headers and content to any browser that
  supported "Server Push" (mostly only Gecko-based browsers
  like Firefox). This could lead to Cross-Site Scripting
  vulnerabilities, and possibly other more dangerous security
  issues as well.
* Fixed vulnerability CVE-2010-3764:
  The Old Charts system generated graphs with
  predictable names into the "graphs/" directory,
  which also could be browsed to see its contents.
  This allowed unauthorized users to see product
  names and charted information about those
  products over time.
* Fixed references to YUI components used by language templates.
* Fixed missing images.
* Suppress error messages at installation stage.
