Information on source package bugzilla

Available versions

| Release | Version |
|---|---|
| squeeze | 3.6.2.0-4.4 |
| squeeze | 3.6.2.0-4.6 |

Open issues

| Bug | squeeze | Description |
|---|---|---|
| CVE-2011-3668 | vulnerable | Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in ... |
| CVE-2011-3669 | vulnerable | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ... |
| CVE-2012-0440 | vulnerable | Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in ... |
| CVE-2012-0448 | vulnerable | Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, ... |
| CVE-2012-0453 | vulnerable | Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in ... |
| CVE-2012-0465 | vulnerable | Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, ... |
| CVE-2012-0466 | vulnerable | template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before ... |
| CVE-2012-1969 | vulnerable | The get_attachment_link function in Template.pm in Bugzilla 2.x and ... |
| CVE-2012-3981 | vulnerable | Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and ... |
| CVE-2012-4197 | vulnerable | Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x ... |
| CVE-2012-4199 | vulnerable | template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before ... |
| CVE-2012-4747 | vulnerable | Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, ... |
| CVE-2013-0785 | vulnerable | Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla ... |
| CVE-2013-0786 | vulnerable | The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ... |
| CVE-2013-1734 | vulnerable | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ... |
| CVE-2013-1742 | vulnerable | Multiple cross-site scripting (XSS) vulnerabilities in ... |
| CVE-2014-1517 | vulnerable | The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x ... |

Open unimportant issues

| Bug | squeeze | Description |
|---|---|---|
| CVE-2006-2420 | vulnerable | Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ... |
| CVE-2008-6098 | vulnerable | Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2002-0804 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ... |
| CVE-2002-0805 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ... |
| CVE-2002-0806 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows ... |
| CVE-2002-0808 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ... |
| CVE-2002-0809 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ... |
| CVE-2002-0810 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ... |
| CVE-2002-1196 | editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before ... |
| CVE-2002-1197 | bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ... |
| CVE-2002-1198 | Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ... |
| CVE-2002-2260 | Cross-site scripting (XSS) vulnerability in the quips feature in ... |
| CVE-2003-0012 | The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x ... |
| CVE-2003-0013 | The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ... |
| CVE-2003-0602 | Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ... |
| CVE-2003-0603 | Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ... |
| CVE-2003-1042 | SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ... |
| CVE-2003-1043 | SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ... |
| CVE-2003-1044 | editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ... |
| CVE-2003-1045 | votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ... |
| CVE-2003-1046 | describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ... |
| CVE-2004-0702 | DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ... |
| CVE-2004-0703 | Unknown vulnerability in the administrative controls in Bugzilla ... |
| CVE-2004-0704 | Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ... |
| CVE-2004-0705 | Multiple cross-site scripting (XSS) vulnerabilities in (1) ... |
| CVE-2004-0706 | Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ... |
| CVE-2004-0707 | SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ... |
| CVE-2004-1061 | Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ... |
| CVE-2004-1633 | process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ... |
| CVE-2005-1563 | Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ... |
| CVE-2005-1564 | post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ... |
| CVE-2005-1565 | Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ... |
| CVE-2005-2173 | The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ... |
| CVE-2005-2174 | Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ... |
| CVE-2005-3138 | Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ... |
| CVE-2005-3139 | Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ... |
| CVE-2005-4534 | The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ... |
| CVE-2006-0913 | SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ... |
| CVE-2006-0914 | Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly ... |
| CVE-2006-0915 | Bugzilla 2.16.10 does not properly handle certain characters in the ... |
| CVE-2006-0916 | Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences ... |
| CVE-2006-5453 | Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ... |
| CVE-2006-5454 | Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ... |
| CVE-2006-5455 | Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ... |
| CVE-2007-0791 | Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ... |
| CVE-2007-0792 | The mod_perl initialization script in Bugzilla 2.23.3 does not set the ... |
| CVE-2007-4538 | email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ... |
| CVE-2007-4539 | The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ... |
| CVE-2007-4543 | Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ... |
| CVE-2007-5038 | The offer_account_by_email function in User.pm in the WebService for ... |
| CVE-2008-2103 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ... |
| CVE-2008-2104 | The WebService in Bugzilla 3.1.3 allows remote authenticated users ... |
| CVE-2008-2105 | email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before ... |
| CVE-2008-4437 | Directory traversal vulnerability in importxml.pl in Bugzilla before ... |
| CVE-2008-7292 | Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ... |
| CVE-2009-0481 | Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ... |
| CVE-2009-0482 | Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ... |
| CVE-2009-0483 | Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ... |
| CVE-2009-0484 | Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ... |
| CVE-2009-0485 | Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ... |
| CVE-2009-0486 | Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls ... |
| CVE-2009-1213 | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ... |
| CVE-2009-3125 | SQL injection vulnerability in the Bug.search WebService function in ... |
| CVE-2009-3165 | SQL injection vulnerability in the Bug.create WebService function in ... |
| CVE-2009-3166 | token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ... |
| CVE-2009-3386 | Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ... |
| CVE-2009-3387 | Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group ... |
| CVE-2009-3989 | Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ... |
| CVE-2010-0180 | Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when ... |
| CVE-2010-1204 | Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ... |
| CVE-2010-2470 | Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ... |
| CVE-2010-2756 | Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ... |
| CVE-2010-2757 | The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ... |
| CVE-2010-2758 | Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ... |
| CVE-2010-2759 | Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ... |
| CVE-2010-3172 | CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before ... |
| CVE-2010-3764 | The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ... |
| CVE-2010-4567 | Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ... |
| CVE-2010-4568 | Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; ... |
| CVE-2010-4569 | Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, ... |
| CVE-2010-4570 | Cross-site scripting (XSS) vulnerability in the duplicate-detection ... |
| CVE-2010-4572 | CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, ... |
| CVE-2011-0046 | Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ... |
| CVE-2011-0048 | Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ... |
| CVE-2011-2379 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through ... |
| CVE-2011-2380 | Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ... |
| CVE-2011-2381 | CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x ... |
| CVE-2011-2976 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through ... |
| CVE-2011-2977 | Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x ... |
| CVE-2011-2978 | Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ... |
| CVE-2011-2979 | Bugzilla 4.1.x before 4.1.3 generates different responses for certain ... |
| CVE-2011-3657 | Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x ... |
| CVE-2011-3667 | The User.offer_account_by_email WebService method in Bugzilla 2.x and ... |
| CVE-2012-1968 | Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses ... |
| CVE-2012-4189 | Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x ... |
| CVE-2012-4198 | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x ... |
| CVE-2012-5884 | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ... |
| CVE-2013-1733 | Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in ... |
| CVE-2013-1743 | Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in ... |
| TEMP-0000000-8DEC77 | Cross-Site-Scripting in Bugzilla |
| TEMP-0000000-C43658 | bugzilla: unauthorized bug modification |
| TEMP-0321567-329716 | bugzilla: Maintainer's postinst script use temporary files in an unsafe way |

Security announcements

| DSA | Description |
|---|---|
| DSA-2322-1 | bugzilla - several |
| DSA-1913-1 | bugzilla - SQL injection |
| DSA-1208-1 | bugzilla |
| DSA-230 | bugzilla - insecure permissions, spurious backup files |
| DSA-218 | bugzilla - cross site scripting |
| DSA-173 | bugzilla - privilege escalation |
