Need some more information about the #272620 bug

Alexis Sukrieh sukria at sukria.net
Fri Jan 7 13:32:53 UTC 2005


Hello Bugzilla developers.

I'm working on the maintenance of the Bugzilla package for the Debian
project.

We have recently noticed that there is an important bug report on
Bugzilla which is about XSS issues[1].

This bug is closed to the public in your bug database and then, the
Debian team is not able to access details about what can be
vulnerable in the software.

We would really appreciate your help to fix this bug.

I've already tried to exploit our Bugzilla version by submitting values
such as '<script>alert(1)</script>' in many forms and, hopefully,
every time, Bugzilla said that the variable is not valid.

Anyway, as this bug is serious, I really cannot close it without being
sure that our version is not affected.

We actually provide the 2.16.7 release.

Any help is strongly welcome.

Best Regards.

Alexis.

[1] http://lists.netsys.com/pipermail/full-disclosure/2004-December/030222.html

-- 
                                  Alexis Sukrieh <sukria at sukria.net>
                                               http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.
