Query.cgi leaks product names (again)

RESOLVED FIXED in Bugzilla 2.22

Status

critical
RESOLVED FIXED
14 years ago
14 years ago

People

(Reporter: bugreport, Assigned: bugreport)

Tracking

({regression})

2.21
Bugzilla 2.22
regression
Bug Flags:
approval +

Details

Attachments

(1 attachment)

(Assignee)

Description

14 years ago
This is a close cousin of bug 312933
2.20 should not be affected

The "find a specific bug" form has the same leak.
(Assignee)

Comment 1

14 years ago
Created attachment 201135 [details] [diff] [review]
Patch - check can_see_product
Assignee: query-and-buglist → bugreport
Status: NEW → ASSIGNED
Attachment #201135 - Flags: review?
I would say that this is a security issue in a released version (2.21.1), yes?
Group: webtools-security
(Assignee)

Comment 3

14 years ago
This was introduced by bug 306601 that landed since 2.21.1
(Assignee)

Comment 4

14 years ago
	justdave	yeah, bug that created it landed after 2.20.1 went out.
	justdave	er, 2.21.1
	justdave	so there's never been a release containing it
	justdave	just fix it

We'll land the fix as soon as it is ready and drop the security flag then.

Comment 5

14 years ago
Comment on attachment 201135 [details] [diff] [review]
Patch - check can_see_product

r=LpSolit
Attachment #201135 - Flags: review? → review+

Updated

14 years ago
Flags: approval?
Flags: approval? → approval+
(Assignee)

Comment 6

14 years ago
Checking in template/en/default/search/search-specific.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/search/search-specific.html.tmpl,v  <--  search-specific.html.tmpl
new revision: 1.15; previous revision: 1.14
done
Group: webtools-security
Status: ASSIGNED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED