Important Security Issue Fixed On Trunk
Max Kanat-Alexander
mkanat at bugzilla.org
Thu Jun 24 00:45:24 UTC 2010
Hey folks. This is an informal security advisory for trunk (3.7). A
security issue related to bug groups was introduced in revision 7205,
and was just fixed in revision 7239. There was never a released version
of Bugzilla that had this security issue, but it is critical enough that
I wanted to warn any installation that's running trunk (3.7), because it
would result in bugs getting created without mandatory groups if they
were created via the WebService or email_in. The bug was this one:
https://bugzilla.mozilla.org/show_bug.cgi?id=572602
If you are running 3.7, you should update to the latest 3.7 code
immediately.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
More information about the developers
mailing list