303437 – www-apps/bugzilla 3.0.10, 3.2.5 and 3.4.4 security fixes

Bug 303437 - www-apps/bugzilla 3.0.10, 3.2.5 and 3.4.4 security fixes

Summary: www-apps/bugzilla 3.0.10, 3.2.5 and 3.4.4 security fixes

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.bugzilla.org/news/#release345
Whiteboard:
Keywords:

Depends on:	CVE-2009-3387
Blocks:
	Show dependency tree

Reported:	2010-02-04 12:07 UTC by Marko Steinberger
Modified:	2010-06-04 05:17 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch for bugzilla-3.2.5 (bugzilla-3.2.6.diff,464 bytes, patch) 2010-02-04 13:28 UTC, Marko Steinberger	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marko Steinberger 2010-02-04 12:07:45 UTC

Two information leaks have been fixed. Impact seems to be minor for standard installations.

Fixing this bug should fix a couple of other mostly outdated bugs as well: 
296520, 258738, 239564, 284824, 258592.

Reproducible: Always

Comment 1 Marko Steinberger 2010-02-04 13:28:22 UTC

Created attachment 218397 [details, diff]
Patch for bugzilla-3.2.5

Trivial version bump for bugzilla 3.2 series. Only minor change within header lines are necessary. Upgrade with webapp-config worked flawlessly.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2010-02-17 15:58:32 UTC

Don't CC maintainers when you cannot assign bugs, please.

Comment 3 Torsten Veller (RETIRED) gentoo-dev

2010-02-18 08:14:15 UTC

Superseded by later vulernabilities. See bug #303725.

Comment 4 Alex Legler (RETIRED) archtester

2010-05-31 07:35:04 UTC

GLSA with bug 239564, bug 258592, bug 264572, bug 284824, bug 303437, and bug 303725.

Comment 5 Alex Legler (RETIRED) archtester

2010-06-04 05:17:39 UTC

GLSA 201006-19