Closed
Bug 220332
Opened 21 years ago
Closed 21 years ago
Insecure dependency in exec while running with -T switch at process_bug.cgi line 1267.
Categories
(Bugzilla :: Creating/Changing Bugs, defect, P1)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: hauser, Assigned: goobix)
References
()
Details
(Whiteboard: [fixed for 2.16.4] [does not affect trunk])
Attachments
(1 file)
695 bytes,
patch
|
justdave
:
review+
gerv
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030907 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030907 seems to be related to bug 177828 Reproducible: Didn't try Steps to Reproduce: 1. add text and remove a cc in one change 2. 3. Actual Results: no mails were sent out Expected Results: mails should have been sent out
Comment 1•21 years ago
|
||
What version of Bugzilla?
Reporter | ||
Updated•21 years ago
|
Version: unspecified → 2.16.3
Comment 2•21 years ago
|
||
confirmed on http://landfill.bugzilla.org/bugzilla-2.16-branch/
Severity: normal → blocker
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Priority: -- → P1
Hardware: PC → All
Whiteboard: [wanted for 2.16.4] [does not affect trunk]
Target Milestone: --- → Bugzilla 2.16
Assignee | ||
Updated•21 years ago
|
Summary: Insecure dependency in exec while running with -T switch at /www/bugzilla/htdocs/process_bug.cgi line 1267. → Insecure dependency in exec while running with -T switch at /bugzilla/process_bug.cgi line 1267.
Assignee | ||
Comment 3•21 years ago
|
||
This should fix the issue. (I haven't managed to make sendmail work on my localhost to properly test it that it solves the problem)
Assignee | ||
Updated•21 years ago
|
Attachment #133023 -
Flags: review?(kiko)
Assignee | ||
Updated•21 years ago
|
Status: NEW → ASSIGNED
Comment 4•21 years ago
|
||
Comment on attachment 133023 [details] [diff] [review] Patch tainting securely removed emails requesting 2nd review
Attachment #133023 -
Flags: review?(kiko)
Attachment #133023 -
Flags: review?(bbaetz)
Attachment #133023 -
Flags: review+
Assignee | ||
Updated•21 years ago
|
Status: NEW → ASSIGNED
Updated•21 years ago
|
Summary: Insecure dependency in exec while running with -T switch at /bugzilla/process_bug.cgi line 1267. → Insecure dependency in exec while running with -T switch at process_bug.cgi line 1267.
Comment 6•21 years ago
|
||
I applied the patch but when trying to remove a CC I get this in the Apache error_log: Premature end of script headers: process_bug.cgi
Comment 7•21 years ago
|
||
My bad. The patch worked. The problem I had was because I ran 'patch' as root, so the patched file was owned by 'root' instead of nobody. Once I changed the ownership of process_bug.cgi back to 'nobody' it worked. I could complain that Apache should have given a better error mesage, but I won't :-)
Comment 8•21 years ago
|
||
Comment on attachment 133023 [details] [diff] [review] Patch tainting securely removed emails r=gerv, on the basis that it is reported to have worked, and I can't see how the patch can break anything. Gerv
Attachment #133023 -
Flags: review?(bbaetz)
Assignee | ||
Updated•21 years ago
|
Flags: approval?
Updated•21 years ago
|
Flags: approval? → approval+
Assignee | ||
Comment 9•21 years ago
|
||
Checking in process_bug.cgi; /cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi new revision: 1.125.2.8; previous revision: 1.125.2.7 done
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Whiteboard: [wanted for 2.16.4] [does not affect trunk] → [fixed for 2.16.4] [does not affect trunk]
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•