Viewing all changes in revision 8.
- Committer: Bazaar Package Importer
- Date: 2008-10-11 21:56:21 UTC
- Revision ID: james.westby@ubuntu.com-20081011215621-nvj6e1d7sliyiix0
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437
- files added:
- debian/patches/CVE-2008-4437.dpatch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
