Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1204

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

Related bugs and status

CVE-2010-1204 (Candidate) is related to these bugs:

Bug #415451: Please upgrade bugzilla to version 3.4.6

Summary				In	Importance	Status
	415451	Please upgrade bugzilla to version 3.4.6		bugzilla (Ubuntu)	Wishlist	Fix Released
	415451	Please upgrade bugzilla to version 3.4.6		bugzilla (Debian)	Unknown	Fix Released

Bug #606309: Sync bugzilla 3.4.7.0-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	606309	Sync bugzilla 3.4.7.0-1 (universe) from Debian unstable (main)		bugzilla (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.bugzilla.or...
CONFIRM: https://bugzilla.mozil...
BID: 41141
SECUNIA: 40300
VUPEN: ADV-2010-1595