Summary: | <www-apps/bugzilla-{3.0.11, 3.2.6, 3.4.5} Multiple vulnerabilities (CVE-2009-{3387,3989}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | | |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=532493 | | |
Whiteboard: | B4 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 303437 | | |

Description
Stefan Behte (RETIRED)

CVE-2009-3989 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3989):
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Bumped ebuilds are in the tree now.

Minimal keywording targets:

3.0.x: 3.0.11: alpha amd64 ia64 ppc ppc64 sparc x86

3.2.x: 3.2.6: alpha amd64 ia64 ppc ppc64 sparc x86

3.4.x: 3.4.5: (none previously stable)

x86 stable

ppc64 done

alpha/ia64/sparc stable

amd64 stable

Marked ppc stable.

GLSA with bug 239564, bug 258592, bug 264572, bug 284824, bug 303437, and bug 303725.

GLSA 201006-19
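
An added example, not part of the original bug report or of Bugzilla's own code: a log check for the exposure described in the CVE-2009-3989 text above. It flags requests for the five listed paths that the web server answered with a 2xx status; the `/bugzilla/` base path, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Files and directories named in the CVE-2009-3989 description on this page.
SENSITIVE = ("CVS/", "contrib/", "docs/en/xml/", "t/", "old-params.txt")

# Client, request target and status from a combined-format line (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3})\b')

def matched_path(url, base="/bugzilla/"):
    """Return the listed entry a request target falls under, else None."""
    raw = unquote(url.split("?", 1)[0].split("#", 1)[0])
    # Normalise //, ./ and ../ so equivalent spellings compare equal.
    norm = posixpath.normpath("/" + raw.lstrip("/"))
    prefix = base.rstrip("/") + "/"   # base is a hypothetical install path
    if not norm.startswith(prefix):
        return None
    rel = norm[len(prefix):]
    for entry in SENSITIVE:
        if rel == entry.rstrip("/") or (entry.endswith("/") and rel.startswith(entry)):
            return entry
    return None

def exposed_hits(lines, base="/bugzilla/"):
    """List (client, entry, url, status) for listed paths served with 2xx."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, url, status = m.group(1), m.group(2), int(m.group(3))
        entry = matched_path(url, base)
        if entry and 200 <= status < 300:   # content was actually served
            hits.append((client, entry, url, status))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Feb/2010:10:00:00 +0000] "GET /bugzilla/show_bug.cgi?id=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Feb/2010:10:00:05 +0000] "GET /bugzilla/old-params.txt HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Feb/2010:10:00:06 +0000] "GET /bugzilla/CVS/Entries HTTP/1.1" 403 210',
    '192.0.2.44 - - [01/Feb/2010:10:00:07 +0000] "GET /bugzilla//docs/en/%78ml/Bugzilla-Guide.xml HTTP/1.1" 200 9000',
    '192.0.2.10 - - [01/Feb/2010:10:00:09 +0000] "GET /bugzilla/template/en/default/x.tmpl HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in exposed_hits(SAMPLE):
        print(hit)
```

A 403 or 404 for these paths, as in the third sample line, is what a correctly blocking installation returns; any 2xx hit means the file was served and the install should be upgraded or its web server access rules checked.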