Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* In HTML bugmails, an improper validation of the permissions of the
addressee can lead to confidential information about bugs and
attachments to be visible to the addressee.
* The description of a private attachment can be visible to a user
who hasn't permissions to access this attachment if the attachment
ID is mentioned in a comment in a bug.
Al...
[ANN] Release of Bugzilla 3.0.4, 3.1.4, 2.22.4, and 2.20.6
The Bugzilla project has four releases today!
Bugzilla 3.0.4 is the latest stable version of Bugzilla, containing
several useful bug fixes over 3.0.3, particularly for the inbound email
interface.
Bugzilla 3.1.4 is our latest unstable development preview. It should
be more stable than 3.1.3, though we still don't recommend it for
production environments. Provided we don't find too many major issues
in this release, our next release will be Bugzilla...
[ANN] Release of Bugzilla 3.2.10, 3.4.10, 3.6.4, and 4.0rc2
Some serious security issues were discovered in Bugzilla, and as a
result we have four security releases for you today. We recommend that
all Bugzilla administrators read the Security Advisory that was
published along with these releases, and we also recommend that you
update as soon as possible.
Bugzilla 4.0rc2 is our second Release Candidate for Bugzilla 4.0.
This release has received QA testing and should be considerably more
stable than the development releases before it. It is still not
considered fully stable, and so you should understand that if you use
it, you use it at ...
[ANN] Release of Bugzilla 4.1.3, 4.0.2, 3.6.6, and 3.4.12
Today we are releasing 4.0.2, 3.6.6, 3.4.12, and the unstable
development snapshot 4.1.3.
All of today's releases contain security fixes. We recommend
all Bugzilla administrators read the Security Advisory linked below.
4.0.2 is our latest stable release, containing various useful
bug fixes and performance improvements.
3.6.6 and 3.4.12 are security updates for those series.
Note that 4.1.3 is an unstable development release and should not
be used in production environments. We are feature-frozen at this
point, however, so the features you see in 4.1.3 shoul...
[ANN] Release of Bugzilla 4.3.3, 4.2.3, 4.0.8, and 3.6.11
Today we are releasing 4.2.3, 4.0.8, 3.6.11, and the unstable
development snapshot 4.3.3.
All of today's releases contain security fixes. We recommend
all Bugzilla administrators to read the Security Advisory linked below.
Bugzilla 4.2.3 is our latest stable release. It contains various
useful bug fixes and security fixes for the 4.2 branch.
Bugzilla 4.0.8 and 3.6.11 are security updates for the 4.0
branch and the 3.6 branch, respectively. Both also contain
one bug fix.
Note that 4.3.3 is an unstable development release and should not
be used in production envir...
[ANN] Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers two security issues that have recently been
fixed in the Bugzilla code:
+ Some files stored on the web server are not correctly protected
against external access and can be viewed from a web browser.
+ Restricting a bug to a group while moving the bug to another product
has no effect if the group is not used by both products. The bug may
become public if no other group restriction applies.
All...
[ANN] Release of Bugzilla 4.3.1, 4.2.1, 4.0.6, and 3.6.9
Today we are releasing 4.2.1, 4.0.6, 3.6.9, and the unstable
development snapshot 4.3.1.
All of today's releases contain security fixes. We recommend
all Bugzilla administrators to read the Security Advisory linked below.
Bugzilla 4.2.1 is our latest stable release. It contains various
useful bug fixes, performance improvements and security fixes for
the 4.2 branch.
Bugzilla 4.0.6 and 3.6.9 are security updates for the 4.0
branch and the 3.6 branch, respectively.
Note that 4.3.1 is an unstable development release and should not
be used in production environ...
[ANN] Release of Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
Today we have four new releases. One new development snapshot
(3.7.3), one new stable release (3.6.2) and two security updates
for the old stable releases (3.4.8 and 3.2.8).
Bugzilla 3.6.2 is our latest stable release. It contains various
useful bug fixes and security improvements for the 3.6 branch.
Bugzilla 3.4.8 and 3.2.8 are security updates for the 3.4
branch and the 3.2 branch, respectively.
Bugzilla 3.7.3 is our third unstable development release leading to
Bugzilla 4.0. We have done a fair amount of QA on this release.
However, QA found many bugs that have not ye...
[ANN] Release of Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12
Today we are releasing 4.4.3, 4.2.8, 4.0.12, and the unstable
development snapshot 4.5.3.
All of today's releases contain security fixes. We recommend
all Bugzilla administrators to read the Security Advisory linked below.
Bugzilla 4.4.3 is our latest stable release. It contains various
useful bug fixes, performance improvements and security fixes for
the 4.4 branch.
Bugzilla 4.2.8 and 4.0.12 are security updates for the 4.2
branch and the 4.0 branches, respectively. 4.2.8 also contains
several bug fixes.
Note that 4.5.3 is an unstable development release a...
[ANN] Release of Bugzilla 4.1.2, 4.0.1, 3.6.5, and 3.4.11
Today we are releasing 4.0.1, 3.6.5, 3.4.11, and the unstable
development snapshot 4.1.2.
Many users had difficulty installing Bugzilla 4.0, 3.6.4, and 3.4.10,
due to a bug related to the "Math::Random::Secure" library. These
releases fix that bug among other issues.
Note that 4.1.2 is an unstable development release and should not
be used in production environments. However, we are getting very close
to feature freeze for 4.2, so now is the time to give us feedback on
4.1.2 if you want its behavior to change significantly before we
release.
Download
-------...
[ANN] Security Advisory for Bugzilla 3.2.7, 3.4.7, 3.6.1, and 3.7.2
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* It was possible to (at least partially) determine the membership
of any group using the Search interface.
* It was possible to use the 'sudo' feature without sending
a notification to the user being impersonated.
* The 'Reports' and 'Duplicates' pages let you guess the name of
products you could not see, due to the error message ...
[ANN] Security Advisory for Bugzilla Versions Prior to 3.4.12, 3.6.6, 4.0.2, and 4.1.3
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* Internet Explorer 8 and older, and Safari before 5.0.6 do content
sniffing when viewing a patch in "Raw Unified" mode, which could
trigger a cross-site scripting attack due to the execution of
malicious code in the attachment.
* It is possible to determine whether or not certain group names exist
while creating or updating bugs; and in Bugzilla 4.1.1 and 4.1.2,
also by using custom se...
[ANN] Release of Bugzilla 3.0.10, 3.2.6, 3.4.5, and 3.5.3
Today we have four new releases:
Bugzilla 3.4.5 is our latest stable release. It contains various
useful bug fixes and security improvements.
Bugzilla 3.2.6 is a security update for the 3.2 branch, and
Bugzilla 3.0.11 is a security update for the 3.0 branch.
Bugzilla 3.5.3 is our latest unstable development release. We are now
feature-frozen for 3.6, so though there will be a few functional
changes between now and the final release, this is mostly what 3.6
will look like when it comes out. As usual with development release...
[ANN] Release of Bugzilla 4.4rc1, 4.2.4, 4.0.9, and 3.6.12
Today we are releasing 4.2.4, 4.0.9, 3.6.12, and the release
candidate 4.4rc1.
All of today's releases contain security fixes. We recommend
all Bugzilla administrators to read the Security Advisory linked below.
Bugzilla 4.2.4 is our latest stable release. It contains various
useful bug fixes and security fixes for the 4.2 branch.
Bugzilla 4.0.9 and 3.6.12 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.9 contains several
useful bug fixes and 3.6.12 contains one as well.
Bugzilla 4.4rc1 is our first Release Candidate for Bugzilla 4.4...