Security Advisory for 2.18.6, 2.20.3, 2.22.1, and 2.23.3

RESOLVED FIXED

Status

Bugzilla
bugzilla.org
--
blocker
12 years ago
11 years ago

People

(Reporter: Frédéric Buclin, Assigned: Max Kanat-Alexander)

Attachments

(1 attachment, 1 obsolete attachment)

v2
7.22 KB, text/plain
Frédéric Buclin: review+
(Reporter)

Description

12 years ago
There are many security bugs I would like to see fixed in our next set of releases, see dependencies. I'm actively working on them. And so we will need a SecAdv.
(Reporter)

Comment 1

12 years ago
*** Bug 346524 has been marked as a duplicate of this bug. ***
(Assignee)

Updated

12 years ago
Assignee: justdave → nobody
(Reporter)

Updated

12 years ago
Depends on: 346564
(Reporter)

Comment 2

11 years ago
Bug 38862 won't be taken for these releases, as it's conflicting with bug 346086. We will fix it next time. :)

Note that all other security bugs have been reviewed!
No longer depends on: 38862
(Assignee)

Updated

11 years ago
Assignee: nobody → mkanat
(Assignee)

Comment 3

11 years ago
Created attachment 239870
Security Advisory

Okay, here's the advisory. I'll also send an email to security@ to let them know that it's up here.
Attachment #239870 - Flags: review?(LpSolit)
(Assignee)

Updated

11 years ago
Status: NEW → ASSIGNED
(Reporter)

Comment 4

11 years ago
Comment on attachment 239870
Security Advisory

>We strongly advise that 2.18.x users upgrade to 2.18.6. 2.20.x users
>should upgrade to 2.22.3.

s/2.22.3/2.20.3/


>* The Bugzilla Project would like to express special thanks to 
>  Frédéric.

Yay! Thanks a lot! :)


I didn't check the affected version numbers, but they look correct at first glance. r=LpSolit with the typo above fixed.
Attachment #239870 - Flags: review?(LpSolit) → review+
(Reporter)

Comment 5

11 years ago
Adding bug 355728 to the list. The sec adv will have to be updated accordingly.
Depends on: 355728
(Assignee)

Comment 6

11 years ago
Created attachment 242239
v2

Okay, here's the updated Security Advisory.

In the Credits section, I guessed at the name for the reporter of Issue 6 (based on his email address). I also emailed him directly to ask for his name.
Attachment #239870 - Attachment is obsolete: true
Attachment #242239 - Flags: review?(LpSolit)
(Reporter)

Comment 7

11 years ago
Comment on attachment 242239
v2

>We strongly advise that 2.18.x users upgrade to 2.18.6. 2.20.x users
>should upgrade to 2.22.3.


As I said in my previous review, 2.22.3 doesn't exist yet. :) It must be 2.20.3. Please fix that on checkin. r=LpSolit
Attachment #242239 - Flags: review?(LpSolit) → review+
(Assignee)

Comment 8

11 years ago
He emailed me back, his full name is Adam Merrifield. (<-- Note to self.)
(Assignee)

Comment 9

11 years ago
Okay, this has been put up on the staging site with the corrections pointed out by LpSolit.
(Assignee)

Comment 10

11 years ago
Okay, I've sent the advisory to announce, support-bugzilla, and BugTraq.
Group: webtools-security
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED