[Bug 281915] Re: [CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file

Launchpad Bug Tracker 281915 at bugs.launchpad.net
Thu Jan 8 22:02:13 UTC 2009


This bug was fixed in the package bugzilla - 2.22.1-2.2ubuntu1.7.10.1

---------------
bugzilla (2.22.1-2.2ubuntu1.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
    Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
    is enabled, allows remote attackers to read arbitrary files via an
    XML file with a .. (dot dot) in the data element. (LP: #281915)
    - debian/patches/CVE-2008-4437.dpatch: upstream patch with regex
      to remove any leading path data from the filename.
    - CVE-2008-4437

 -- Stefan Lesicnik <stefan at lsd.co.za>   Sat, 11 Oct 2008 21:56:21 +0200

** Changed in: bugzilla (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

-- 
[CVE-2008-4437] - Directory traversal vulnerability allows remote attackers to read arbitrary files via an XML file
https://bugs.launchpad.net/bugs/281915
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs



