Closed Bug 480875 Opened 16 years ago Closed 16 years ago

Security Advisory for Bugzilla 3.2.3 and 3.3.4

Categories

(Bugzilla :: Bugzilla-General, defect)

3.3.3
defect
Not set
blocker

RESOLVED FIXED

People

(Reporter: LpSolit, Assigned: LpSolit)

Attachments

(1 file, 1 obsolete file)

Bug 476603 is our single security fix for the coming releases and will land on tip and on the 3.2 branch only.
Attached file sec adv, v1 (obsolete)
Assignee: general → LpSolit
Status: NEW → ASSIGNED
Attachment #366709 - Flags: review?(mkanat)
Comment on attachment 366709 sec adv, v1

>Summary
>=======
>
>Bugzilla is a Web-based bug-tracking system, used by a large number of
>software projects.
>
>This advisory covers one security issue that has recently been
>fixed in the Bugzilla code:
>
>* Attachment edition was vulnerable to a cross-site request forgery.

"editing" not "edition".

> Note that this issue was only fixed for 3.2.3 and 3.3.4 even though
> all versions of Bugzilla are affected (see below for an explanation).

>Description: Attachment edition was vulnerable to a cross-site request

editing

Otherwise this looks great.
Attachment #366709 - Flags: review?(mkanat) → review+
Attached file sec adv, 1.1
s/edition/editing/g
Attachment #366709 - Attachment is obsolete: true
Security advisory sent.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Group: bugzilla-security