Bug 859682 - Dependency tree bug list link reveals information user cannot otherwise see
Status: RESOLVED DUPLICATE of bug 370883
Product: Bugzilla
Classification: Server Software
Component: Dependency Views
Version: 4.2
Platform: All All
Importance: -- minor
Target Milestone: ---
Assigned To: Nobody; OK to take it and work on it
QA Contact: default-qa
Mentors:
Depends on:
Blocks:
Reported: 2013-04-08 23:11 PDT by mail
Modified: 2013-04-09 01:18 PDT
CC List: 0 users
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Description mail 2013-04-08 23:11:33 PDT
I have four bugs. Bug One depends on Bug Two which depends on Bug Three which depends on Bug Four. Bug Two and Bug Three are private. If I view the dependency tree for Bug One, the 'View as bug list' contains a link to Bug Four. This should not be because the user is unaware that Bug Two depends on Bug Three.

An example of this is at the tip:
https://landfill.bugzilla.org/bugzilla-tip/showdependencytree.cgi?id=20901&hide_resolved=1

The bug list link contains Bug Four.
Comment 1 Frédéric Buclin 2013-04-09 01:16:10 PDT
IMO, that's not really a security bug. You still cannot know what the security bugs are about. I agree that once a bug you cannot see is found, the recursion should stop at this point.
Comment 2 Frédéric Buclin 2013-04-09 01:18:03 PDT
And actually, this bug has been known for years and is public.

*** This bug has been marked as a duplicate of bug 370883 ***
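
The traversal behaviour discussed in this report, as an added example that is not Bugzilla's code and not part of the original comments: a simplified Python model of the four-bug chain from the description, comparing a walk that ignores visibility with one that stops at a bug the user cannot see, as Comment 1 suggests. The graph, the `security` group name, and the function names are constructed for illustration.

```python
# Constructed sample data modelling the report: 1 -> 2 -> 3 -> 4,
# with bugs 2 and 3 private. Ids and the group name are made up.
CHAIN = {1: [2], 2: [3], 3: [4], 4: []}
PRIVATE = {2, 3}


def visible_to(groups):
    """Hypothetical visibility check: private bugs need the 'security' group."""
    return lambda bug_id: bug_id not in PRIVATE or "security" in groups


def dependency_ids(root, deps, visible, stop_at_hidden):
    """Return the ids reachable from root (root excluded), in discovery order.

    stop_at_hidden=False models the reported behaviour: the walk never
    consults visibility, so ids that lie behind hidden bugs are listed.
    stop_at_hidden=True follows Comment 1: a hidden bug is neither listed
    nor expanded, so only ids reachable through visible bugs remain.
    """
    found, seen, queue = [], {root}, [root]
    while queue:
        current = queue.pop(0)
        for dep in deps.get(current, []):
            if dep in seen:  # also guards against dependency cycles
                continue
            if stop_at_hidden and not visible(dep):
                continue
            seen.add(dep)
            found.append(dep)
            queue.append(dep)
    return found


if __name__ == "__main__":
    outsider = visible_to(set())
    member = visible_to({"security"})
    print(dependency_ids(1, CHAIN, outsider, stop_at_hidden=False))  # leaks 4
    print(dependency_ids(1, CHAIN, outsider, stop_at_hidden=True))
    print(dependency_ids(1, CHAIN, member, stop_at_hidden=True))
    # Bug 4 stays listed when a fully visible path (1 -> 5 -> 4) also reaches it.
    print(dependency_ids(1, {**CHAIN, 1: [2, 5], 5: [4]}, outsider, True))
```

The last case shows that stopping at hidden bugs does not over-filter: a bug remains in the list whenever some path of visible bugs leads to it.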
