back to article Patch Bugzilla! Anyone can access your private bugs – including your security vulns

If you or your organization is running Bugzilla, and you're using email-based permissions, make sure you've updated to the latest version – namely 5.0.1, 4.4.10, or 4.2.15. That's because someone's found a way to easily access private bugs in your codebase – such as critical security holes you're still working on to fix. An …

  1. Justin Pasher

    Expect only the best.

    Ahhh, the beauty of using MySQL. Silently truncating your data for decades.

  2. phil dude

    and you know...

    that there will be code out there that *depends*on that MYSQL behaviour, so if they fix it, other things will break!!

    Is this what the guy in the white suit in the Matrix (II) promised the singularity would be?

    Code with no bugs?


  3. Mephistro
    Black Helicopters

    A few days ago...

    ... I read in some comment or article about Hotmail that it showed a similar behaviour. Makes one wonder...

    1. Anonymous Coward
      Anonymous Coward

      Re: A few days ago...

      I heard from a bloke in a pub, that his sisters mates father-in-law, knew this guy that once heard that a friend knew of someone that had the same thing happen in Gmail....makes you wonder....

  4. Anonymous Coward
    Anonymous Coward

    Guessing Bugzilla installs using non-MySQL are ok then?

    So, if a Bugzilla installation isn't using MySQL (eg using PostgreSQL), it's not vulnerable then?

    1. Anonymous Coward
      Anonymous Coward

      Re: Guessing Bugzilla installs using non-MySQL are ok then?

      Probably the case but with security I never bank on it. And I'd still test the he'll out of just as I would the patch, especially in the case of a patch used on a non-standard configuration. That's the problem with layered complexity, mutating configurations add a whole 'not her dimension (cross-product) to your probability space.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021