Upcoming 4.4.7 will contain security fixes; our instance at https://old-bugzilla.wikimedia.org/ is shut down when it comes to changing stuff but still allows login until we solve T1198.
Description
Description
Related Objects
Related Objects
- Mentioned Here
- T1198: Bugzilla HTML static version and database dump
Event Timeline
Comment Actions
Two sec fixes in 4.4.7: https://www.bugzilla.org/security/4.0.15/
- I don't see a need to apply the patch for CVE-2014-8630 because we are down to 8 non-disabled, trusted accounts with editcomponents permissions in old-bugzilla.wm.o.
- And in our special case (no editing possible) I don't see any issues with the WebServices API leak either.
Hence we can stay at 4.4.6.