Branches for Warty

Name Status Last Modified Last Commit
lp:ubuntu/warty/bugzilla 1 Development 2009-07-25 12:49:27 UTC 2009-07-25
2. Duplicate table creation is now also ...

Author: Rémi Perrot
Revision Date: 2004-04-02 01:13:32 UTC

Duplicate table creation is now also fixed in bugzilla.postinst
(closes: #224288)

lp:ubuntu/warty-security/bugzilla 1 Development 2009-07-25 12:49:35 UTC 2009-07-25
3. * SECURITY UPDATE: multiple vulnerabi...

Author: Nafallo Bjälevik
Revision Date: 2005-06-14 11:06:00 UTC

* SECURITY UPDATE: multiple vulnerabilities
* CGI.pl, template/en/default/global/code-error.html.tmpl:
  - Substitute <, > and & with their HTML alternatives to prevent XSS.
  - CAN-2004-1061
* editgroups.cgi, editusers.cgi:
  - Rewrite of the SQL querys for grouphandling to prevent SQL injection.
  - CAN-2004-0707
* editgroups.cgi, editusers.cgi, editcomponents.cgi, editmilestones,
  editproducts.cgi, editversions.cgi:
  - Removed un-needed form value display code to fix an XSS vulnerability.
  - CAN-2004-0705
* buglist.cgi, duplicates.cgi:
  - Added a check to see if the user is priviledged to see a hidden product.
    This prevents an information leak that showed the user all products by
    visiting duplicates.cgi. Also the check was needed for buglist.cgi.
  - CAN-2004-0704
* References:
  http://www.bugzilla.org/security/2.16.5/

12 of 2 results