Closed Bug 797226 Opened 12 years ago Closed 12 years ago

A-dependent-bug-changed bugmail on an un-hidden bug sometimes exposes the unobscured summary of a dependent hidden bug

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Product:
bugzilla.mozilla.org
Component:
Extensions
Version:
Production
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: Waldo, Assigned: dkl)

References

Details

Attachments

(2 files)

Dependency-change email that includes a hidden bug's summary, unobscured
5.61 KB, message/rfc822
Details
Patch to sanitize subject of blocker bug (v1)
1.15 KB, patch
glob
: review+
Details | Diff | Splinter Review
The specific scenario I'm aware of where this happens is this: * hidden bug A gets marked fixed * open bug B depends on hidden bug A * people on the CC list of bug B, with the right mail settings, are sent mail (unencrypted, in the clear) saying that bug B changed state * the referenced-bugs section will hide bug A's summary, but the main body of the dependency mail includes bug A's summary unhidden See the attachment for an example.
Severity: normal → critical
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Attachment #686772 - Flags: review?(glob)
Comment on attachment 686772 [details] [diff] [review] Patch to sanitize subject of blocker bug (v1) r=glob excellent, i really like this fix
Attachment #686772 - Flags: review?(glob) → review+
Thanks Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0 modified extensions/SecureMail/Extension.pm Committed revision 8405. Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2 modified extensions/SecureMail/Extension.pm Committed revision 8437.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
I saw this in bugmail sent today. Has this been deployed on b.m.o yet? (Is this expected to be fixed in production?)
Unfortunately not yet. still waiting on the code push by IT.
Depends on: 818249
If this is fixed, should I ever expect to get bugmail for bug XXXXXX whose contents look like this: """ Bug XXXXXX depends on bug YYYYYY, which changed state. Bug YYYYYY Summary: (Secure bug) https://bugzilla.mozilla.org/show_bug.cgi?id=YYYYYY What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Referenced Bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=YYYYYY [Bug YYYYYY] The actual bug summary """ Because I got an encrypted bugmail with these contents on January 30 this year, and I'd thought that wasn't supposed to happen with this fixed.
Component: Extensions: SecureMail → Extensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: