CVE-2008-4437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4437): Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
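As an added illustration of the check this CVE calls for (example code, not Bugzilla's own importxml.pl), the following Python resolves each attachment name from a `<data encoding="filename">` element under the --attach_path directory and rejects any that escape it. The XML layout, the attach_path value and the sample document are assumptions constructed for the example.

```python
# Added example (not Bugzilla's code): a defender-side containment check for the
# --attach_path import mode described in CVE-2008-4437. Assumes a Bugzilla-style
# export where each <attachment> carries a <data encoding="filename"> element
# naming a file that is supposed to live under the attach_path directory.
import os
import xml.etree.ElementTree as ET

# Constructed sample import: one legitimate attachment, one that escapes the base.
SAMPLE_XML = """<bugzilla>
  <bug>
    <attachment>
      <filename>patch.diff</filename>
      <data encoding="filename">bug1/patch.diff</data>
    </attachment>
    <attachment>
      <filename>passwd</filename>
      <data encoding="filename">../../../etc/passwd</data>
    </attachment>
  </bug>
</bugzilla>"""


def resolve_under(base_dir, relative_name):
    """Return the canonical absolute path of relative_name inside base_dir,
    or None if the resolved path would leave base_dir (e.g. via '..')."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative_name))
    # commonpath rejects both '..' escapes and absolute names that replace base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def vet_attachments(xml_text, attach_path):
    """Split attachments into (accepted, rejected) lists of the names given in
    their <data encoding="filename"> elements, keeping only contained paths."""
    accepted, rejected = [], []
    root = ET.fromstring(xml_text)
    for data in root.iter("data"):
        if data.get("encoding") != "filename":
            continue  # base64-embedded data never touches the filesystem
        name = (data.text or "").strip()
        if resolve_under(attach_path, name) is None:
            rejected.append(name)
        else:
            accepted.append(name)
    return accepted, rejected


if __name__ == "__main__":
    print(vet_attachments(SAMPLE_XML, "/var/lib/bugzilla/attachments"))
```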
See #237842
I missed your bug, because it was not filed in the "Gentoo Security" product. Security will watch over this one, please mark your bug as duplicate (I don't have the rights to do that).
*** Bug 237842 has been marked as a duplicate of this bug. ***
Added bugzilla-2.22.5, -3.0.5.
Targets:
bugzilla-2.22.5: amd64 ia64 ppc ppc64 sparc x86
bugzilla-3.0.5: alpha amd64 ia64 ppc ppc64 sparc x86
amd64/x86 stable
sparc stable
alpha/ia64 stable
ppc/ppc64 stable
Ready for vote, I vote YES.
www-apps/bugzilla-3.0.5 creates report files with an invalid mask :(
-rw------- 1 oleg oleg 6,7K Окт 16 13:13 -All-_NEW_ASSIGNED_REOPENED_UNCONFIRMED_RESOLVED_VERIFIED_CLOSED_FIXED_INVALID_WONTFIX_DUPLICATE_WORKSFORME_MOVED.png
Removed vulnerable versions. webapps done.
@oleg: Sorry, I don't understand the comment you made. If this is a relevant bug report, please open another issue and assign it to webapps.
(In reply to comment #11)
> Removed vulnerable versions. webapps done.
>
> @oleg: Sorry, I don't understand the comment you made. If this is a relevant
> bug report please open another issue and assign it to webapps.

Okay ;) I will try to explain: When I try to view a graphic report in Bugzilla, no image is shown. But the report image does exist, with an invalid access mode:
-rw------- 1 oleg oleg 6,7K Окт 16 13:13 -All-_NEW_ASSIGNED_REOPENED_UNCONFIRMED_RESOLVED_VERIFIED_CLOSED_FIXED_INVALID_WONTFIX_DUPLICATE_WORKSFORME_MOVED.png
@Oleg: please file a new bug in case of an application bug independent from the current security bug.
I vote yes too. Filing GLSA request.
I re-rate the bug to B4. I consider that this directory traversal vulnerability only implies an information leak.
But B4 does not require a GLSA.
Re-rating B3.
Seems like we have a draft ready to send on this one.
GLSA with bug 239564, bug 258592, bug 264572, bug 284824, bug 303437, and bug 303725.
GLSA 201006-19