[Secure-testing-team] Bug#587663: CVE-2010-1204
Moritz Muehlenhoff
jmm at debian.org
Wed Jun 30 17:34:42 UTC 2010
Package: bugzilla
Severity: grave
Tags: security
Hi,
the following issues have been reported against bugzilla:
http://www.bugzilla.org/security/3.2.6/
CVE-2010-1204 has minor impact, we don't need a DSA for it.
If necessary, it can still be fixed in a stable point update.
CVE-2010-0180 doesn't affect the Squeeze or Lenny version,
since our Bugzilla is too old.
Which brings me to another issue: We should really release Bugzilla
3.2 with Squeeze? 3.2 will be end-of-lifed when Bugzilla 4.0
is released, which should happen in the not too distinct future
and years before the end of the Squeeze support time frame.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list