CVE-2005-2173

NameCVE-2005-2173
DescriptionThe Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcewoody(not affected)
bugzillasourcesarge(not affected)
bugzillasource(unstable)2.18.3-1low

Notes

[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
Search for package or bug name: Reporting problems