[Secure-testing-team] Bug#611176: bugzilla: CVE-2010-4568 Account compromise vulnerability

Jonathan Wiltshire jmw at debian.org
Wed Jan 26 12:55:08 UTC 2011 

Package: bugzilla
Version: 3.0.4.1-2+lenny2
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: bugzilla
Version: FILLINAFFECTEDVERSION
Severity: FILLINSEVERITY
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bugzilla.

CVE-2010-4568[0]:
| ** RESERVED **
| This candidate has been reserved by an organization or individual that
| will use it when announcing a new security problem.  When the
| candidate has been publicized, the details for this candidate will be
| provided.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568
    http://security-tracker.debian.org/tracker/CVE-2010-4568

- -- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJNQBmsAAoJEFOUR53TUkxRgrAP/jL0yZw/L/rJNDukhVM+J4DT
3XJp1+PGnP7/kLf16tWz3TTiJnKEXBEp/mlZPdjgl6wvtaT7HAa0XxoGEEKvb9zg
o0pgdVnpLIh1Uod+vAlNKZgcISD/3Mdj1QRUxZCRRLeGz6C1drajMA9PZVGEYSd1
hcGXxcfFbOkOrNOsubXFgMgrr8lW7xlcVo5PEsFFuXpCK8CxEAaCP4F5IkKq9kA5
gbqZnW4yx4wuEAS/5KyN1FAz1yhAjhhiN1bD08didBmOM0d49GmP4mPDo7XqmW22
SI2AWHpYsVSdbnu5X7SWWWJTqw6FPSWTeAIDTRXkgO6LCnY6jz+EwltGmVNecRjv
5SerGEv3mdO9UCQ7rfdfHwQHhuMp78jkg+mqa94wIVjj9IqEslhZpLvOyhEKwuXm
9CCw83J7v/v76C90A8T3VZN64RX76Fxs/kGnbsyeiCsDTbVYEPKgUKbBd78AnuOI
5sncfwe6YxKuYvfKMz9LK5GSuk6pmL6K4B8kNVdDY5Xl38HFbw73Yg1GEqOmdqRi
xdMzfIdUgDKniiC6CDJs6sixCNf9H4EC/fKzzkacOJ6s3XqcSVJFBiPH4ZL7ypAp
TPtHIP54SiDKJqOqhP4HnyeCQLQ9BOKt6poTqtnjOz5zwveZCndIOI/YnQyYmaZQ
w+MYBc5b2s7d0FkFKTXS
=50Zi
-----END PGP SIGNATURE-----

More information about the Secure-testing-team mailing list