Summary: | <www-apps/bugzilla-3.4.4 Alias Field Information Leak (CVE-2009-3386) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | trivial | CC: | robbat2, web-apps
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.bugzilla.org/security/3.4.3/ | |
Whiteboard: | ~4 [noglsa] | |
Package list: | | Runtime testing required: | ---
Description
Robert Buchholz (RETIRED)
2009-12-11 13:36:21 UTC
Please bump our unstable to 3.4.4.

CVE-2009-3386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3386): Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.

3.4.5 is in the tree (#303725)

~arch issue only. Closing noglsa.