bugzilla 2.22.1-2.2ubuntu1.8.04.1 source package in Ubuntu
Changelog
bugzilla (2.22.1-2.2ubuntu1.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437
-- Stefan Lesicnik <email address hidden> Sat, 11 Oct 2008 21:56:21 +0200
Upload details
- Uploaded by:
- Stefan Lesicnik
- Sponsored by:
- Kees Cook
- Uploaded to:
- Hardy
- Original maintainer:
- MOTU
- Architectures:
- all
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| bugzilla_2.22.1.orig.tar.gz | 1.8 MiB | 9293f96ab75bda9583a247c8af768e77e77242d3c724c18a96dee4557e84e61a |
| bugzilla_2.22.1-2.2ubuntu1.8.04.1.diff.gz | 68.1 KiB | 675a78ac337b3c8cc974d1ec6d1335e94c647c36f4781310cf108c1093db32d2 |
| bugzilla_2.22.1-2.2ubuntu1.8.04.1.dsc | 925 bytes | a96ce4b1de196981d3c7a98a5cd037b45a10996f7a9d459beec23f9c19bc94ed |
Available diffs
Binary packages built by this source
- bugzilla: No summary available for bugzilla in ubuntu hardy.
No description available for bugzilla in ubuntu hardy.
- bugzilla-doc: No summary available for bugzilla-doc in ubuntu hardy.
No description available for bugzilla-doc in ubuntu hardy.
