Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* When the user logs in using LDAP, the username is not escaped
before being passed to LDAP which could potentially lead to LDAP
injection.
* Extensions are not protected against directory browsing by default
and users can view the source code of templates used by the
extensions. These templates may contain sensitive data.
All affected installations ar...
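Added example (Python, not from the advisory and not Bugzilla's own Perl code): how an unescaped username of the kind described above changes the meaning of an LDAP search filter, beside the RFC 4515 escaping that neutralises it. The attribute name `uid`, the enclosing `(&(...)(objectClass=person))` filter shape and the hostile username are assumptions chosen for illustration.

```python
# Added example, not Bugzilla code: RFC 4515 escaping of an LDAP filter value,
# beside the unescaped construction the advisory describes.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for interpolation into an LDAP search filter.

    Metacharacters become \\XX hex escapes; non-printable and non-ASCII
    characters are escaped byte by byte as UTF-8, which is what RFC 4515
    specifies for values that are not plain printable ASCII.
    """
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.extend(f"\\{b:02x}" for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def login_filter_unescaped(uid_attr: str, username: str) -> str:
    """The vulnerable shape: the username is pasted straight into the filter
    (the filter shape itself is an assumption for this example)."""
    return f"(&({uid_attr}={username})(objectClass=person))"


def login_filter_escaped(uid_attr: str, username: str) -> str:
    """The fixed shape: the username is escaped before interpolation."""
    return f"(&({uid_attr}={escape_filter_value(username)})(objectClass=person))"


def open_paren_count(filt: str) -> int:
    """Number of '(' in a filter. An escaped value can never contain a literal
    '(' so any extra parenthesis means the input added an assertion."""
    return filt.count("(")


if __name__ == "__main__":
    # Constructed hostile username: closes the uid assertion and opens another,
    # turning a lookup of one user into a match on every person entry.
    crafted = "*)(objectClass=*"
    print(login_filter_unescaped("uid", crafted))
    # (&(uid=*)(objectClass=*)(objectClass=person))
    print(login_filter_escaped("uid", crafted))
    # (&(uid=\2a\29\28objectClass=\2a)(objectClass=person))
```

The escaped form still contains the attacker's characters, but only as a literal value to compare against, so the filter evaluates exactly the assertions the application wrote. In production use the escaping routine of the LDAP library in use rather than a hand-rolled one; the point of the example is what the routine has to do.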
[ANN] Release of Bugzilla 4.3.3, 4.2.3, 4.0.8, and 3.6.11
Today we are releasing 4.2.3, 4.0.8, 3.6.11, and the unstable
development snapshot 4.3.3.
All of today's releases contain security fixes. We recommend
that all Bugzilla administrators read the Security Advisory linked below.
Bugzilla 4.2.3 is our latest stable release. It contains various
useful bug fixes and security fixes for the 4.2 branch.
Bugzilla 4.0.8 and 3.6.11 are security updates for the 4.0
branch and the 3.6 branch, respectively. Both also contain
one bug fix.
Note that 4.3.3 is an unstable development release and should not
be used in production envir...
Crashing more frequent in 3.0.4 than 3.0.0
Name: Brandi Miller
Product: Firefox
Summary: Crashing more frequent in 3.0.4 than 3.0.0
Comments:
I had no problems with crashing in 3.0.0 except for on rare occasion
when I pushed the limits by loading too much at once. Now, with 3.0.4, I
am crashing multiple times a day. I'm not pleased at all and I hope you
get this bug fixed.
Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish t...
[ANN] Release of Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12
Today we are releasing 4.4.3, 4.2.8, 4.0.12, and the unstable
development snapshot 4.5.3.
All of today's releases contain security fixes. We recommend
that all Bugzilla administrators read the Security Advisory linked below.
Bugzilla 4.4.3 is our latest stable release. It contains various
useful bug fixes, performance improvements and security fixes for
the 4.4 branch.
Bugzilla 4.2.8 and 4.0.12 are security updates for the 4.2
and 4.0 branches, respectively. 4.2.8 also contains
several bug fixes.
Note that 4.5.3 is an unstable development release a...
Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* The login form had no CSRF protection, meaning that an attacker could
force the victim to log in using the attacker's credentials.
* Dangerous control characters can be inserted into Bugzilla, notably
into bug comments, which can then be used to execute local commands.
All affected installations are encouraged to upgrade as soon as
possible.
Vuln...
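Added example (Python, not from the advisory and not Bugzilla's own code): a filter that removes the kind of control characters the second item above refers to from comment text before it is stored, run over a constructed comment that carries terminal escape sequences. The policy (keep tab, LF and CR; drop every other Unicode "Cc" control character, including the C1 range) is this example's own choice, not a description of the fix Bugzilla shipped.

```python
# Added example, not Bugzilla code: strip control characters from comment
# text so escape sequences cannot reach a terminal that later displays it
# (for instance a mail client showing bugmail).
import unicodedata

# Whitespace controls that legitimately occur in comment text.
_ALLOWED_CONTROLS = {"\t", "\n", "\r"}


def _is_dangerous_control(ch: str) -> bool:
    """Unicode category Cc covers C0 (U+0000-U+001F), DEL (U+007F) and C1
    (U+0080-U+009F); everything in it except tab/LF/CR is rejected."""
    return ch not in _ALLOWED_CONTROLS and unicodedata.category(ch) == "Cc"


def contains_control_chars(text: str) -> bool:
    """True if the text carries any control character we would strip."""
    return any(_is_dangerous_control(ch) for ch in text)


def strip_control_chars(text: str) -> str:
    """Return the text with every dangerous control character removed.

    Only the control bytes go; the printable remainder of a sequence such as
    ESC ] 0 ; title BEL is left behind as harmless text, because without the
    ESC a terminal no longer interprets it.
    """
    return "".join(ch for ch in text if not _is_dangerous_control(ch))


# Constructed sample comment (not real bug data): an OSC title-setting
# sequence, a CSI clear-screen sequence and two C1 control characters.
SAMPLE_COMMENT = (
    "Reproduced on trunk.\n"
    "\x1b]0;pwned\x07"          # ESC ] ... BEL: set terminal title
    "\x1b[2J"                   # ESC [ 2 J: clear screen
    "See attached patch.\r\n"
    "\x9bmC1 CSI\x85"           # U+009B (C1 CSI) and U+0085 (NEL)
)


if __name__ == "__main__":
    print(contains_control_chars(SAMPLE_COMMENT))   # True
    print(repr(strip_control_chars(SAMPLE_COMMENT)))
```

The check and the strip are kept separate so a server can choose between rejecting the submission with an error and silently cleaning it; either way the stored comment never contains a bare ESC or a C1 control.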
[ANN] Release of Bugzilla 4.2rc1, 4.0.3, 3.6.7, and 3.4.13
Today we are announcing the first Release Candidate for Bugzilla 4.2,
in addition to one new stable release and two security-only updates for
the 3.4.x and 3.6.x series.
Bugzilla 4.2rc1 is our first Release Candidate for Bugzilla 4.2.
This release has received QA testing, and should be considerably
more stable than the development releases before it. It is still not
considered fully stable, and so you should understand that if you use
it, you use it at your own risk. In particular, certain aspects of the
WebServices have not yet been tested as part of this Release Candidate,
s...
Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create
a new user account even if the active authentication method forbids
users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
lead to ...
[ANN] Release of Bugzilla 4.1.3, 4.0.2, 3.6.6, and 3.4.12 Today we are releasing 4.0.2, 3.6.6, 3.4.12, and the unstable
development snapshot 4.1.3.
All of today's releases contain security fixes. We recommend
all Bugzilla administrators read the Security Advisory linked below.
4.0.2 is our latest stable release, containing various useful
bug fixes and performance improvements.
3.6.6 and 3.4.12 are security updates for those series.
Note that 4.1.3 is an unstable development release and should not
be used in production environments. We are feature-frozen at this
point, however, so the features you see in 4.1.3 shoul...
Word wrapping in comments in Bugzilla 3.0.4 (with Germzilla 3.0.4-1)
Hello,
how can I prevent Bugzilla from wrapping words in an unaesthetic way? With the update to Bugzilla 3.0.4 and Germzilla 3.0.4-1, the wrapping of words has changed. A (German) comment which is entered like this:
I have simplified the workaround a bit - I no longer use a separate dummy sender/receiver, but just any one that already exists. Now I no longer need separate configuration files - but senders/receivers are still needed in a place where I "only" want to have a NetContainer ....
is displayed like this:
Ich habe d...
Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* When a user creates a new account, Bugzilla doesn't correctly
reject email addresses containing non-ASCII characters, which
could be used to impersonate another user account.
* A CSRF vulnerability in the implementation of the JSON-RPC API
could be used to make changes to bugs or execute some admin tasks
without the victim's knowledge.
All af...
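Added example (Python, not from the advisory and not Bugzilla's own code): why the e-mail check for a new account has to be ASCII-only, shown with a Cyrillic letter that renders like a Latin one. The regular expression is a deliberately simple stand-in for a real address validator; the sample addresses are constructed.

```python
# Added example, not Bugzilla code: a Unicode-aware e-mail check accepts a
# look-alike address as a new, distinct account; an ASCII-only check does not.
import re
import unicodedata

# The same pattern twice. In Python 3, \w matches letters of every script
# unless re.ASCII is set, so the first version accepts any-script letters.
_EMAIL_RE_UNICODE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
_EMAIL_RE_ASCII = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$", re.ASCII)


def is_valid_login_email_loose(addr: str) -> bool:
    """The flawed check: accepts an address whose first letter is Cyrillic."""
    return _EMAIL_RE_UNICODE.match(addr) is not None


def is_valid_login_email(addr: str) -> bool:
    """The corrected check: pure ASCII and matching the ASCII-only pattern,
    so look-alike letters cannot create a second account that displays
    like an existing one."""
    return addr.isascii() and _EMAIL_RE_ASCII.match(addr) is not None


def non_ascii_chars(addr: str) -> list:
    """List every non-ASCII code point with its name, for a clear rejection
    message that tells the user what was wrong with the address."""
    return [
        (ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for ch in addr
        if not ch.isascii()
    ]


if __name__ == "__main__":
    legit = "alice@example.com"
    # Constructed: Cyrillic small letter a (U+0430) in place of Latin 'a'.
    spoof = "\u0430lice@example.com"
    print(legit == spoof)                      # False: a different account name
    print(is_valid_login_email_loose(spoof))   # True: the loose check lets it in
    print(is_valid_login_email(spoof))         # False: the strict check rejects it
    print(non_ascii_chars(spoof))
```

Because the two strings compare unequal, a uniqueness check on the login name does not catch the look-alike; only refusing non-ASCII input (or a confusable-aware comparison) does.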
[ANN] Release of Bugzilla 4.2rc2, 4.0.4, 3.6.8, and 3.4.14
Today we are announcing the second Release Candidate for Bugzilla 4.2,
in addition to one new stable release and two security-only updates for
the 3.4.x and 3.6.x series.
Bugzilla 4.2rc2 is our second Release Candidate for Bugzilla 4.2.
This release has received QA testing, and should be considerably
more stable than the development releases before it. It is still not
considered fully stable, and so you should understand that if you use
it, you use it at your own risk. This will most likely be the last
release candidate before 4.2 final.
Bugzilla 4.0.4 is our latest stable r...
How to roll back to Firefox 3.0.3 from Firefox 3.0.4
After I updated to Firefox 3.0.4 I could no longer connect to the
internet. It says server not found. I tried several web sites,
including Google and Yahoo. It appears that the problem is with the
ZoneAlarm firewall. If I turn off the firewall, the pages load.
However, ZoneAlarm normally would ask me to allow it to connect to
the internet. But it is not asking me about Firefox now, just
blocking it. I never had that problem before. So while I figure that
out, I would just like to go back to 3.0.3.
Thanks for any help I can get.
On 16.11.2008 09:30, CET - what odd quirk of fate ca...
FF-3.5.9, SM-2.0.4 and TB-3.0.4 uploaded to netlabs
A few days ahead of the official release for the other platforms, the
OS/2 builds of the newest stability and security fixes can be
downloaded from ftp.netlabs.org/pub/mozilla. No special OS/2 fixes
since the last versions. Thunderbird contains the lightning calendar
extension. Except for the known workaround fixes for the broken gcc-3.3.5
parser, no further patches were necessary to build the apps.
Have fun, Walter
On 03/18/10 04:54 pm, Walter Meinl wrote:
> A few days ahead of the official release for the other platforms, the
> OS/2 builds of the newest stability and security fi...
[ANN] Security Advisory for Bugzilla Versions Prior to 3.4.12, 3.6.6, 4.0.2, and 4.1.3
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* Internet Explorer 8 and older, and Safari before 5.0.6 do content
sniffing when viewing a patch in "Raw Unified" mode, which could
trigger a cross-site scripting attack due to the execution of
malicious code in the attachment.
* It is possible to determine whether or not certain group names exist
while creating or updating bugs; and in Bugzilla 4.1.1 and 4.1.2,
also by using custom se...
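Added example (Python, not from the advisory and not Bugzilla's own code): the second item above is an information leak through differing error messages, so the example puts a leaky group check beside one that answers identically whether a group does not exist or merely cannot be used by the caller. The group table, product names and message texts are constructed for illustration.

```python
# Added example, not Bugzilla code: group-validation errors must not let a
# caller distinguish "no such group" from "group you may not use".

# Constructed sample data: group name -> products in which it may be applied.
GROUPS = {
    "security": {"Firefox", "Bugzilla"},
    "legal-confidential": {"Legal"},
}

GENERIC_ERROR = "error: group not valid for this bug"


def validate_group_leaky(group_name: str, product: str, visible: set) -> str:
    """Three different answers, so anyone who can file or edit a bug can
    probe which confidential group names exist on the server."""
    products = GROUPS.get(group_name)
    if products is None:
        return "error: no such group"
    if product not in products:
        return "error: group not valid for this product"
    if group_name not in visible:
        return "error: you are not a member of this group"
    return "ok"


def validate_group_uniform(group_name: str, product: str, visible: set) -> str:
    """One answer for every case the caller is not entitled to tell apart.
    `visible` is the set of group names the requesting user may use."""
    products = GROUPS.get(group_name)
    if products is None or product not in products or group_name not in visible:
        return GENERIC_ERROR
    return "ok"


def is_oracle(check, product: str, visible: set, existing: str, bogus: str) -> bool:
    """True if `check` lets a caller tell an existing-but-unusable group name
    from a name that does not exist at all."""
    return check(existing, product, visible) != check(bogus, product, visible)


if __name__ == "__main__":
    # A user with no group memberships guessing a confidential group name.
    print(is_oracle(validate_group_leaky, "Firefox", set(),
                    "legal-confidential", "legal-confidentia1"))    # True
    print(is_oracle(validate_group_uniform, "Firefox", set(),
                    "legal-confidential", "legal-confidentia1"))    # False
```

The detailed reasons are still useful for the server's own log; what matters is that the response returned to the user, including its timing where practical, is the same across the cases the user is not allowed to distinguish.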
[ANN] Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers two security issues that have recently been
fixed in the Bugzilla code:
+ Some files stored on the web server are not correctly protected
against external access and can be viewed from a web browser.
+ Restricting a bug to a group while moving the bug to another product
has no effect if the group is not used by both products. The bug may
become public if no other group restriction applies.
All...
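Added example (Python, not from the advisory and not Bugzilla's own code): the second item above describes a product move that silently discards a group restriction the target product does not use. The example puts that lossy behaviour beside a checked move that refuses the request instead of letting the bug become public. The product-to-group table and names are constructed for illustration.

```python
# Added example, not Bugzilla code: moving a bug between products must not
# silently drop group restrictions the new product does not use.

# Constructed sample data: product -> groups that may be applied to its bugs.
PRODUCT_GROUPS = {
    "Firefox": {"security", "firefox-confidential"},
    "Thunderbird": {"security", "mail-confidential"},
}


class GroupNotApplicable(ValueError):
    """Raised when a requested group cannot be used in the target product."""


def move_bug_lossy(groups: set, new_product: str) -> set:
    """The behaviour the advisory describes: groups the new product does not
    use are discarded, so a restricted bug can come out with no restriction
    at all if no other group applied."""
    return {g for g in groups if g in PRODUCT_GROUPS[new_product]}


def move_bug_checked(groups: set, new_product: str) -> set:
    """Refuse the move unless every requested group is applicable in the new
    product. The caller then has to choose a valid group explicitly rather
    than the bug becoming public by accident."""
    invalid = {g for g in groups if g not in PRODUCT_GROUPS[new_product]}
    if invalid:
        raise GroupNotApplicable(
            f"groups {sorted(invalid)} cannot be used in product {new_product!r}"
        )
    return set(groups)


def is_public(groups: set) -> bool:
    """A bug with no group restriction is visible to everyone."""
    return not groups


def move_is_refused(groups: set, new_product: str) -> bool:
    """Does the checked move reject this request?"""
    try:
        move_bug_checked(groups, new_product)
    except GroupNotApplicable:
        return True
    return False


if __name__ == "__main__":
    # Constructed case: a Firefox-only confidential bug moved to Thunderbird.
    restricted = {"firefox-confidential"}
    print(is_public(move_bug_lossy(restricted, "Thunderbird")))   # True: leaked
    print(move_is_refused(restricted, "Thunderbird"))             # True: blocked
```

A variant that is friendlier to users is to keep the bug in its old product until a substitute group valid in the new one has been selected; what must not happen is a move that drops the restriction and returns success.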