Closed Bug 797226 Opened 12 years ago Closed 12 years ago

A-dependent-bug-changed bugmail on an un-hidden bug sometimes exposes the unobscured summary of a dependent hidden bug

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Product:
bugzilla.mozilla.org
Component:
Extensions
Version:
Production
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: Waldo, Assigned: dkl)

References

Details

Attachments

(2 files)

Dependency-change email that includes a hidden bug's summary, unobscured
5.61 KB, message/rfc822
Details
Patch to sanitize subject of blocker bug (v1)
1.15 KB, patch
glob
: review+
Details | Diff | Splinter Review 
The specific scenario I'm aware of where this happens is this:

* hidden bug A gets marked fixed
* open bug B depends on hidden bug A
* people on the CC list of bug B, with the right mail settings, are sent mail (unencrypted, in the clear) saying that bug B changed state
* the referenced-bugs section will hide bug A's summary, but the main body of the dependency mail includes bug A's summary unhidden

See the attachment for an example.
Severity: normal → critical
Assignee: nobody → dkl
Status: NEW → ASSIGNED

        Attachment #686772 -
        Flags: review?(glob)

    
    

    
  
Comment on attachment 686772 [details] [diff] [review]
Patch to sanitize subject of blocker bug (v1)

r=glob

excellent, i really like this fix

        Attachment #686772 -
        Flags: review?(glob) → review+

    
    

    
  
Thanks

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0
modified extensions/SecureMail/Extension.pm
Committed revision 8405.

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2
modified extensions/SecureMail/Extension.pm
Committed revision 8437.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

    
    

    
  
I saw this in bugmail sent today. Has this been deployed on b.m.o yet? (Is this expected to be fixed in production?)

    
    

    
  
Unfortunately not yet. still waiting on the code push by IT.
Depends on: 818249

    
    

    
  
If this is fixed, should I ever expect to get bugmail for bug XXXXXX whose contents look like this:

"""
Bug XXXXXX depends on bug YYYYYY, which changed state.

Bug YYYYYY Summary: (Secure bug)
https://bugzilla.mozilla.org/show_bug.cgi?id=YYYYYY

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

Referenced Bugs:

https://bugzilla.mozilla.org/show_bug.cgi?id=YYYYYY
[Bug YYYYYY] The actual bug summary
"""

Because I got an encrypted bugmail with these contents on January 30 this year, and I'd thought that wasn't supposed to happen with this fixed.
Component: Extensions: SecureMail → Extensions

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: