Closed Bug 606854 Opened 9 years ago Closed 9 years ago
Security advisory for Bugzilla 4.0rc1, 3.6.3, 3.4.9 and 3.2.9
Three security bugs will be ready for our next releases. Bug 419014 has pending reviews, but only for backports, so I should get reviews pretty quickly.
Bug 419014 just got r+ for all the backports, so all security bugs are ready for checkin.
Assignee: general → mkanat
Status: NEW → ASSIGNED
Attachment #487275 - Flags: review?(LpSolit)
Attachment #487275 - Attachment is patch: false
Comment on attachment 487275 [details]
Sec Adv, v1

>* It was possible to see graphs from Old Charts even if you did not
> have access to a particular product, and you could browse a
> a particular URL to see all product names.

"a" is duplicated (a a particular URL).

>Class: HTTP Response Splitting
>Versions: Every Version Before 3.2.9, 3.4.9, 3.6.3, 4.0rc1
> (including unreleased 1.x versions of Bugzilla).

I agree that all versions of Bugzilla are affected, as it used the hardcoded string "ThisRandomString" in version 1.1 of buglist.cgi, but I don't remember that we ever mentioned Bugzilla 1.x in any security advisory. IMO, it doesn't make sense to mention something which has never been released. I would drop the sentence in parentheses (it looks more like archaeological news than something useful).

>Description: The Old Charts system generated graphs with
> predictable names into the "graphs/" directory,
> which also could be browsed to see its contents.

So what? I think the bug summary was giving more details than this description here. You should mention that it could disclose product names.

>Description: YUI 2.8.1 was vulnerable to a Cross-Site Scripting
> vulnerability in certain .swf files. The YUI shipped
> with Bugzilla has been updated to 2.8.2.
>References: https://bugzilla.mozilla.org/show_bug.cgi?id=606618
> http://secunia.com/advisories/41955

You should list the YUI Security Bulletin from Yahoo!, which is the original security advisory for this XSS vulnerability: http://yuilibrary.com/support/2.8.2/

Otherwise looks good.
Okay, I fixed all your points.
Comment on attachment 487739 [details]
v2

Thanks! r=LpSolit
Attachment #487739 - Flags: review?(LpSolit) → review+
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED