Bug#308788: Bug#308787: CVE IDs
* Joey Hess (joeyh@debian.org) said:
> Note that this hole has been assigned two CVE IDs:
>
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different
>
> I don't quite understand the previous message from Alexis Sukrieh about
> needing to wait for some kind of web app policy before fixing these
> security holes. The above two CANs affect sarge and need to be fixed.
You are perfectly right. I just wasn't aware of the fact that those
security issues did affect sarge, I was focused on the unstable 2.18
package, my fault.
Be sure that providing a safe package for sarge is my top priority by
now.
Thanks a lot for the report Joey.
--
Alexis Sukrieh <sukria@sukria.net>
http://www.sukria.net
« Quidquid latine dictum sit, altum sonatur. »
Whatever is said in Latin sounds profound.