CVE-2010-2757
Published: 16 August 2010
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bugzilla Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Ignored
(end of life)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Not vulnerable
(3.6.2.0-1)
|
|
| natty |
Not vulnerable
(3.6.2.0-1)
|
|
| oneiric |
Not vulnerable
(3.6.2.0-1)
|
|
| precise |
Does not exist
(dropped by debian)
|
|
| quantal |
Does not exist
(dropped by debian)
|
|
| raring |
Does not exist
(dropped by debian)
|
|
| saucy |
Does not exist
(dropped by debian)
|
|
| upstream |
Released
(3.7.3, 3.6.2, 3.4.8, 3.2.8)
|