Closed
Bug 859682
Opened 11 years ago
Closed 11 years ago
Dependency tree bug list link reveals information user cannot otherwise see
Categories
(Bugzilla :: Dependency Views, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 370883
People
(Reporter: mail, Unassigned)
Details
I have four bugs. Bug One depends on Bug Two which depends on Bug Three which depends on Bug Four. Bug Two and Bug Three are private. If I view the dependency tree for Bug One, the 'View as bug list' contains a link to Bug Four. This should not be because the user is unaware that Bug Two depends on Bug Three. An example of this is at the tip: https://landfill.bugzilla.org/bugzilla-tip/showdependencytree.cgi?id=20901&hide_resolved=1 The bug list link contains Bug Four.
Comment 1•11 years ago
|
||
IMO, that's not really a security bug. You still cannot know what the security bugs are about. I agree that once a bug you cannot see is found, the recursion should stop at this point.
Severity: normal → minor
Comment 2•11 years ago
|
||
And actually, this bug is known for years and is public.
Group: bugzilla-security
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•