CVE-2006-0916

NameCVE-2006-0916
DescriptionBugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs354457

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcewoody(not affected)
bugzillasourcesarge(not affected)
bugzillasource(unstable)2.20.1-1high354457

Notes

[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
Search for package or bug name: Reporting problems