Closed
Bug 220332
Opened 22 years ago
Closed 22 years ago
Insecure dependency in exec while running with -T switch at process_bug.cgi line 1267.
Categories
(Bugzilla :: Creating/Changing Bugs, defect, P1)
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: hauser, Assigned: goobix)
Details
(Whiteboard: [fixed for 2.16.4] [does not affect trunk])
Attachments
(1 file)
695 bytes, patch (justdave: review+, gerv: review+)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030907
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030907
seems to be related to bug 177828
Reproducible: Didn't try
Steps to Reproduce:
1. add text and remove a cc in one change
Actual Results:
no mails were sent out
Expected Results:
mails should have been sent out
Comment 1•22 years ago
What version of Bugzilla?
Reporter
Updated•22 years ago
Version: unspecified → 2.16.3
Comment 2•22 years ago
confirmed on http://landfill.bugzilla.org/bugzilla-2.16-branch/
Severity: normal → blocker
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Priority: -- → P1
Hardware: PC → All
Whiteboard: [wanted for 2.16.4] [does not affect trunk]
Target Milestone: --- → Bugzilla 2.16
Assignee
Updated•22 years ago
Summary: Insecure dependency in exec while running with -T switch at /www/bugzilla/htdocs/process_bug.cgi line 1267. → Insecure dependency in exec while running with -T switch at /bugzilla/process_bug.cgi line 1267.
Assignee
Comment 3•22 years ago
This should fix the issue. (I haven't managed to make sendmail work on my
localhost to properly test that it solves the problem.)
Assignee
Updated•22 years ago
Attachment #133023 - Flags: review?(kiko)
Assignee
Updated•22 years ago
Status: NEW → ASSIGNED
Comment 4•22 years ago
Comment on attachment 133023
Patch tainting securely removed emails
requesting 2nd review
Attachment #133023 - Flags: review?(kiko)
Attachment #133023 - Flags: review?(bbaetz)
Attachment #133023 - Flags: review+
Assignee
Updated•22 years ago
Status: NEW → ASSIGNED
Updated•22 years ago
Summary: Insecure dependency in exec while running with -T switch at /bugzilla/process_bug.cgi line 1267. → Insecure dependency in exec while running with -T switch at process_bug.cgi line 1267.
Comment 6•22 years ago
I applied the patch but when trying to remove a CC I get this in the Apache
error_log:
Premature end of script headers: process_bug.cgi
Comment 7•22 years ago
My bad.
The patch worked.
The problem I had was because I ran 'patch' as root, so the patched file was
owned by 'root' instead of nobody. Once I changed the ownership of
process_bug.cgi back to 'nobody' it worked.
I could complain that Apache should have given a better error message, but I
won't :-)
Comment 8•22 years ago
Comment on attachment 133023
Patch tainting securely removed emails
r=gerv, on the basis that it is reported to have worked, and I can't see how
the patch can break anything.
Gerv
Attachment #133023 - Flags: review?(bbaetz)
Assignee
Updated•22 years ago
Flags: approval?
Updated•22 years ago
Flags: approval? → approval+
Assignee
Comment 9•22 years ago
Checking in process_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi
new revision: 1.125.2.8; previous revision: 1.125.2.7
done
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Whiteboard: [wanted for 2.16.4] [does not affect trunk] → [fixed for 2.16.4] [does not affect trunk]
Updated•13 years ago
QA Contact: matty_is_a_geek → default-qa