Format: 1.8
Date: Sat, 07 Jan 2012 14:16:43 +0000
Source: bugzilla
Binary: bugzilla3 bugzilla3-doc
Architecture: source all
Version: 3.6.2.0-4.5
Distribution: stable
Urgency: low
Maintainer: Raphael Bossek <bossekr@debian.org>
Changed-By: Jonathan Wiltshire <jmw@debian.org>
Description:
 bugzilla3  - web-based bug tracking system
 bugzilla3-doc - comprehensive guide to Bugzilla
Changes:
 bugzilla (3.6.2.0-4.5) stable; urgency=low
 .
   * Non-maintainer upload.
   * Add security patches:
     - 87_cve-2011-3657.sh
       Tabular and graphical reports, as well as new charts have a debug
       mode which displays raw data as plain text. This text is not
       correctly escaped and a crafted URL could use this vulnerability
       to inject code leading to XSS.
     - 88_cve-2011-3667.sh
       The User.offer_account_by_email WebService method ignores the
       user_can_create_account setting of the authentication method and
       generates an email with a token in it which the user can use to
       create an account. Depending on the authentication method being
       active, this could allow the user to log in using this account.
       Installations where the createemailregexp parameter is empty are
       not vulnerable to this issue.

Accepted:
bugzilla3-doc_3.6.2.0-4.5_all.deb
  to main/b/bugzilla/bugzilla3-doc_3.6.2.0-4.5_all.deb
bugzilla3_3.6.2.0-4.5_all.deb
  to main/b/bugzilla/bugzilla3_3.6.2.0-4.5_all.deb
bugzilla_3.6.2.0-4.5.debian.tar.gz
  to main/b/bugzilla/bugzilla_3.6.2.0-4.5.debian.tar.gz
bugzilla_3.6.2.0-4.5.dsc
  to main/b/bugzilla/bugzilla_3.6.2.0-4.5.dsc