diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2009-08-05 23:19:37 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2009-08-05 23:19:37 +0000 |
| commit | ffa5a2aa6ec065858842a2cf6f89e35d016db262 (patch) | |
| tree | 8162bfbc5cb05aa9e73244f8a14f1c2f5d923715 /security/vuxml/vuln.xml | |
| parent | 25f541111900595d2f9a6fbec464fa4a3bf3693f (diff) | |
| download | ports-ffa5a2aa6ec065858842a2cf6f89e35d016db262.tar.gz ports-ffa5a2aa6ec065858842a2cf6f89e35d016db262.zip | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 72cf85ddfffd..aa9a7a091fde 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d67b517d-8214-11de-88ea-001a4d49522b"> + <topic>bugzilla -- product name information leak</topic> + <affects> + <package> + <name>bugzilla</name> + <range><gt>3.3.4</gt><lt>3.4.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Bugzilla Security Advisory reports:</p> + <blockquote cite="http://www.bugzilla.org/security/3.4/"> + <p>Normally, users are only supposed to see products that + they can file bugs against in the "Product" drop-down on + the bug-editing page. Instead, users were being shown all + products, even those that they normally could not see. Any + user who could edit any bug could see all product + names.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.bugzilla.org/security/3.4/</url> + </references> + <dates> + <discovery>2009-07-30</discovery> + <entry>2009-08-05</entry> + </dates> + </vuln> + <vuln vid="49e8f2ee-8147-11de-a994-0030843d3802"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> |