There are many security bugs I would like to see fixed in our next set of releases; see dependencies. I'm actively working on them. And so we will need a SecAdv.
*** Bug 346524 has been marked as a duplicate of this bug. ***
Bug 38862 won't be taken for these releases, as it's conflicting with bug 346086. We will fix it next time. :) Note that all other security bugs have been reviewed!
Created attachment 239870: Security Advisory
Okay, here's the advisory. I'll also send an email to security@ to let them know that it's up here.
Comment on attachment 239870: Security Advisory
>We strongly advise that 2.18.x users upgrade to 2.18.6. 2.20.x users
>should upgrade to 2.22.3.
s/2.22.3/2.20.3/
>* The Bugzilla Project would like to express special thanks to
> Frédéric.
Yay! Thanks a lot! :) I didn't check the affected version numbers, but they look correct at first glance. r=LpSolit with the typo above fixed.
Created attachment 242239: v2
Okay, here's the updated Security Advisory. In the Credits section, I guessed at the name for the reporter of Issue 6 (based on his email address). I also emailed him directly to ask for his name.
Comment on attachment 242239: v2
>We strongly advise that 2.18.x users upgrade to 2.18.6. 2.20.x users
>should upgrade to 2.22.3.
As I said in my previous review, 2.22.3 doesn't exist yet. :) It must be 2.20.3. Please fix that on checkin. r=LpSolit
He emailed me back, his full name is Adam Merrifield. (<-- Note to self.)
Okay, this has been put up on the staging site with the corrections pointed out by LpSolit.
Okay, I've sent the advisory to announce, support-bugzilla, and BugTraq.