In association with heise online

15 September 2009, 10:12

Security updates for Bugzilla

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Bugzilla.png The developers of the Bugzilla open source bug tracking system have released versions 3.0.9, 3.2.5 and 3.4.2, which fix SQL injection vulnerabilities and remove a means of sniffing out a user's password.

The SQL injection vulnerabilities can be used to gain access to the database, allowing attackers to discover, change and delete content. It may also be possible to use this vulnerability to expose confidential data, such as the Mozilla Foundation's data on critical vulnerabilities in Firefox. The developers classify one of the SQL bugs as critical and are therefore advising all users to install the updates as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit