Package: bugzilla Version: 3.0.4.1-2 User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch intrepid
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element Ubuntu Bug - https://bugs.edge.launchpad.net/ubuntu/+source/bugzilla/+bug/280641 Patch supplied is from Upstream. -- Stefan Lesicnik ([EMAIL PROTECTED])
debian-patch
Description: Binary data
