Bugzilla Security Advisory

Aug 30th, 2001
Author: Matthew Tuck

Overview

Users of Bugzilla are advised to upgrade to version 2.14.

Bugzilla 2.14 is a general security update, but not all of the security issues are serious.

Serious issues include:
  • Multiple instances where data on "confidential" bugs could be obtained by valid users of the system who were not authorised to see it.
  • Multiple instances of security holes where parameters were not being checked/escaped properly.

Many patches need to be applied to properly close these holes, so they are not included here.  If you will not be upgrading your system to 2.14 and instead wish to apply these patches to your existing system, please consult the release notes for the bug numbers of these bugs on bugzilla.mozilla.org, where you can obtain the patches attached to those bugs.