Closed Bug 346525 Opened 18 years ago Closed 18 years ago

Security Advisory for 2.18.6, 2.20.3, 2.22.1, and 2.23.3

Categories

(Bugzilla :: bugzilla.org, defect)

Product:
Bugzilla
Component:
bugzilla.org
Version:
2.18.5
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: LpSolit, Assigned: mkanat)

References

Details

Attachments

(1 file, 1 obsolete file)

v2
7.22 KB, text/plain
LpSolit
: review+
Details 
There are many security bugs I would like to see fixed in our next set of releases, see dependencies. I'm actively working on them. And so we will need a SecAdv.
*** Bug 346524 has been marked as a duplicate of this bug. ***
Assignee: justdave → nobody
Depends on: 346564
Bug 38862 won't be taken for these releases, as it's conflicting with bug 346086. We will fix it next time. :)

Note that all other security bugs have been reviewed!
No longer depends on: 38862
Assignee: nobody → mkanat
Attached file Security Advisory (obsolete) — 
Okay, here's the advisory. I'll also send an email to security@ to let them know that it's up here.
Attachment #239870 - Flags: review?(LpSolit)
Status: NEW → ASSIGNED
Comment on attachment 239870 [details]
Security Advisory

>We strongly advise that 2.18.x users upgrade to 2.18.6. 2.20.x users
>should upgrade to 2.22.3.

s/2.22.3/2.20.3/


>* The Bugzilla Project would like to express special thanks to 
>  Frédéric.

Yay! Thanks a lot! :)


I didn't check the affected version numbers, but they look correct at first glance. r=LpSolit with the typo above fixed.
Attachment #239870 - Flags: review?(LpSolit) → review+
Adding bug 355728 to the list. The sec adv will have to be updated accordingly.
Depends on: 355728
Attached file v2 
Okay, here's the updated Security Advisory.

In the Credits section, I guessed at the name for the reporter of Issue 6 (based on his email address). I also emailed him directly to ask for his name.
Attachment #239870 - Attachment is obsolete: true
Attachment #242239 - Flags: review?(LpSolit)
Comment on attachment 242239 [details]
v2

>We strongly advise that 2.18.x users upgrade to 2.18.6. 2.20.x users
>should upgrade to 2.22.3.


As I said in my previous review, 2.22.3 doesn't exist yet. :) It must be 2.20.3. Please fix that on checkin. r=LpSolit
Attachment #242239 - Flags: review?(LpSolit) → review+
He emailed me back, his full name is Adam Merrifield. (<-- Note to self.)
Okay, this has been put up on the staging site with the corrections pointed out by LpSolit.
Okay, I've sent the advisory, to announce, support-bugzilla, and BugTraq.
Group: webtools-security
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: