bugzilla (3.6.2.0-4.5) stable; urgency=low

  * Non-maintainer upload.
  * Add security patches:
      Tabular and graphical reports, as well as new charts have
      a debug mode which displays raw data as plain text. This
      text is not correctly escaped and a crafted URL could
      use this vulnerability to inject code leading to XSS.

      The User.offer_account_by_email WebService method ignores
      the user_can_create_account setting of the authentication
      method and generates an email with a token in it which the
      user can use to create an account. Depending on the
      authentication method being active, this could allow the
      user to log in using this account.
      Installations where the createemailregexp parameter is
      empty are not vulnerable to this issue.

 -- Jonathan Wiltshire <jmw@debian.org>  Sat, 07 Jan 2012 14:16:43 +0000

bugzilla (3.6.2.0-4.4) stable-security; urgency=low

  * Non-maintainer upload.
  * Add security patches (Closes: #611176):
    - 79_cve-2010-4572.sh (CVE-2010-4572)
    - 80_cve-2010-4567_cve-2011-0048.sh
      (CVE-2010-4567 CVE-2011-0048)
    - 81_cve-2010-4568.sh (CVE-2010-4568)
    - 82_cve-2011-0046.sh (CVE-2011-0046)
    - 83_cve-2011-2978.sh (CVE-2011-2978)
    - 84_cve-2011-2381.sh (CVE-2011-2381)
    - 85_cve-2011-2380.sh (CVE-2011-2979, CVE-2011-2380)
    - 86_cve-2011-2379.sh (CVE-2011-2379)

 -- Jonathan Wiltshire <jmw@debian.org>  Sun, 09 Oct 2011 14:35:55 +0100

bugzilla (3.6.2.0-4.3) UNRELEASED; urgency=low

  * Superseded security release

 -- Jonathan Wiltshire <jmw@debian.org>  Thu, 06 Oct 2011 12:56:10 +0100

bugzilla (3.6.2.0-4.2) testing-proposed-updates; urgency=low

  * Non-maintainer upload.