FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- information leak

Affected packages
3.3.1 < bugzilla < 3.4.5

Details

VuXML ID 696053c6-0f50-11df-a628-001517351c22
Discovery 2010-01-31
Entry 2010-02-01

A Bugzilla Security Advisory reports:

When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in both products. As a workaround, you had to move the bug to the new product first and then restrict it to the desired groups, in two distinct steps, which could make the bug temporarily public.

[source]

References

CVE Name CVE-2009-3387
URL http://www.bugzilla.org/security/3.0.10/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.