Closed
Bug 782687
Opened 12 years ago
Closed 12 years ago
list/list.js.tmpl is restored when upgrading Bugzilla using CVS with the BUGZILLA-3_6-STABLE, BUGZILLA-4_0-STABLE and Bugzilla_Stable tags
Categories
(Bugzilla :: bugzilla.org, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: LpSolit, Assigned: dkl)
Details
When using CVS to upgrade Bugzilla to 3.6.10 or 4.0.7 using the BUGZILLA-3_6-STABLE or BUGZILLA-4_0-STABLE tag, the list/list.js.tmpl template is restored despite it has been removed from the repo to fix CVE-2012-0466, see bug 745397: # cvs -q up -rBUGZILLA-4_0_7 -dP cvs update: template/en/default/list/list.js.tmpl is no longer in the repository # cvs -q up -rBUGZILLA-4_0-STABLE -dP U template/en/default/list/list.js.tmpl This is pretty critical, because this means that all installations using the -STABLE cvs tag to upgrade (e.g. GCC Bugzilla) are still vulnerable to this issue.
Reporter | ||
Comment 1•12 years ago
|
||
I just realized that the Bugzilla_Stable tag still points to rev 1.3 of list.js.tmpl, which is incorrect. It should be removed from there too.
Assignee: website → dkl
Summary: list/list.js.tmpl is restored when upgrading Bugzilla using CVS with the BUGZILLA-3_6-STABLE and BUGZILLA-4_0-STABLE tags → list/list.js.tmpl is restored when upgrading Bugzilla using CVS with the BUGZILLA-3_6-STABLE, BUGZILLA-4_0-STABLE and Bugzilla_Stable tags
Assignee | ||
Comment 2•12 years ago
|
||
Verified fixed now for BUGZILLA-4_0_7, BUGZILLA-4_0-STABLE and Bugzilla_Stable. Closing.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•12 years ago
|
Group: bugzilla-security
You need to log in
before you can comment on or make changes to this bug.
Description
•