[Webapps-common-packages] Security update for bugzilla

Florian Weimer fw at deneb.enyo.de
Fri Apr 10 14:24:28 UTC 2009


Hi,

there are currently several open issues in bugzilla:

<http://security-tracker.debian.net/tracker/source-package/bugzilla>

Of these, we should really fix CVE-2008-4437 for etch:

<https://bugzilla.mozilla.org/show_bug.cgi?id=437169>

There are reports that this being actively exploited.  I'm not sure if
it's possible to backport the XSS/CSRF fixes to oldstable.

So could you please provide a proposal for a security update for
stable and oldstable?

Florian



More information about the Webapps-common-packages mailing list