FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Bugzilla -- Directory Traversal in

Affected packages
2.22.1 <= bugzilla < 2.22.4
3.* <= bugzilla < 3.0.4
2.22.1 <= ja-bugzilla < 2.22.4
3.* <= ja-bugzilla < 3.0.4


VuXML ID 1d96305d-6ae6-11dd-91d5-000c29d47fd7
Discovery 2008-06-03
Entry 2008-08-15
Modified 2010-05-12

A Bugzilla Security Advisory reports:

When importing bugs using, the --attach_path option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by contains a malicious


node, the script follows this relative path and attaches the local file pointed by it to the bug, making the file public. The security fix makes sure the relative path is always ignored.


CVE Name CVE-2008-4437