- Committer: Bazaar Package Importer
- Date: 2008-10-11 21:56:21 UTC
- Revision ID: james.westby@ubuntu.com-20081011215621-nvj6e1d7sliyiix0
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
Bugzilla
|
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 |
|
||
|
contrib
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 2.16.5 |
|
||
|
debian
|
2 | 20 years ago | Bazaar Package Importer | Duplicate table creation is now also fixed in bugz |
|
||
|
docs
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 2.16.5 |
|
||
|
images
|
1.1.3 | 18 years ago | Bazaar Package Importer | Import upstream version 2.20 |
|
||
|
js
|
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 |
|
||
|
skins
|
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 |
|
||
|
t
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 2.16.5 |
|
||
|
template
|
1 | 20 years ago | Bazaar Package Importer | Import upstream version 2.16.5 |
|
||
attachment.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 45.5 KB |
|
|
|
buglist.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 46.1 KB |
|
|
bugzilla.dtd |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 2.6 KB |
|
|
|
Bugzilla.pm |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 12.9 KB |
|
|
|
chart.cgi |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 9.7 KB |
|
|
|
checksetup.pl |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 188 KB |
|
|
|
colchange.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 4.5 KB |
|
|
|
collectstats.pl |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 17.2 KB |
|
|
|
config.cgi |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 3.4 KB |
|
|
|
createaccount.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 3.1 KB |
|
|
|
describecomponents.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 3.5 KB |
|
|
|
describekeywords.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 1.7 KB |
|
|
|
duplicates.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 9.2 KB |
|
|
|
duplicates.xul |
1.1.3 | 18 years ago | Bazaar Package Importer | Import upstream version 2.20 | 6.5 KB |
|
|
|
editclassifications.cgi |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 7.9 KB |
|
|
|
editcomponents.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 12.2 KB |
|
|
|
editflagtypes.cgi |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 24 KB |
|
|
|
editgroups.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 26 KB |
|
|
|
editkeywords.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 8 KB |
|
|
|
editmilestones.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 10.3 KB |
|
|
|
editparams.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 4.5 KB |
|
|
|
editproducts.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 38.1 KB |
|
|
|
editsettings.cgi |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 2.9 KB |
|
|
|
editusers.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 33 KB |
|
|
|
editvalues.cgi |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 12.5 KB |
|
|
|
editversions.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 8.2 KB |
|
|
|
editwhines.cgi |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 18.6 KB |
|
|
|
enter_bug.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 21.8 KB |
|
|
|
globals.pl |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 27.9 KB |
|
|
|
importxml.pl |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 46.6 KB |
|
|
|
index.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 1.9 KB |
|
|
|
long_list.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 1.2 KB |
|
|
|
Makefile |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 4.6 KB |
|
|
|
page.cgi |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 1.9 KB |
|
|
|
post_bug.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 16.5 KB |
|
|
|
process_bug.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 81 KB |
|
|
|
productmenu.js |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 9 KB |
|
|
|
query.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 15.2 KB |
|
|
|
QUICKSTART |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 3.5 KB |
|
|
|
quips.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 4.3 KB |
|
|
|
README |
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 | 892 bytes |
|
|
|
relogin.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 7.4 KB |
|
|
|
report.cgi |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 12.5 KB |
|
|
|
reports.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 9.5 KB |
|
|
|
request.cgi |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 13 KB |
|
|
|
robots.txt |
1 | 20 years ago | Bazaar Package Importer | Import upstream version 2.16.5 | 44 bytes |
|
|
|
runtests.pl |
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 | 1.1 KB |
|
|
|
sanitycheck.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 31.1 KB |
|
|
|
show_activity.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 1.9 KB |
|
|
|
show_bug.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 3.7 KB |
|
|
|
showattachment.cgi |
3.1.1 | 18 years ago | Bazaar Package Importer | * New upstream minor release + Fixed a security | 1.1 KB |
|
|
|
showdependencygraph.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 9.1 KB |
|
|
|
showdependencytree.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 6.7 KB |
|
|
|
sidebar.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 1.7 KB |
|
|
|
summarize_time.cgi |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 17.1 KB |
|
|
|
testagent.cgi |
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 | 836 bytes |
|
|
|
testserver.pl |
1.1.5 | 17 years ago | Bazaar Package Importer | Import upstream version 2.22.1 | 8.3 KB |
|
|
|
token.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 11.8 KB |
|
|
|
UPGRADING |
1 | 20 years ago | Bazaar Package Importer | Import upstream version 2.16.5 | 188 bytes |
|
|
|
UPGRADING-pre-2.8 |
1.1.2 | 18 years ago | Bazaar Package Importer | Import upstream version 2.18.4 | 17.9 KB |
|
|
|
userprefs.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 16.5 KB |
|
|
|
votes.cgi |
3.1.4 | 17 years ago | Bazaar Package Importer | * New upstream release (2.22.1) fixes several secu | 13.5 KB |
|
|
|
whine.pl |
1.1.4 | 18 years ago | Bazaar Package Importer | Import upstream version 2.22 | 24.4 KB |
|
|
|
whineatnews.pl |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 2.5 KB |
|
|
|
xml.cgi |
3.1.3 | 18 years ago | Bazaar Package Importer | * New upstream release (2.22). (closes: #365304) | 1.2 KB |
|
|