Bug 170519 - The text of cloned bugs leaks email addresses
The text of cloned bugs leaks email addresses
Status: CLOSED CURRENTRELEASE
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
3.6
All Linux
medium Severity medium (vote)
: ---
: ---
Assigned To: Matt Tyson
tools-bugs
:
: 650397 651134 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-12 10:51 EDT by Josh Bressers
Modified: 2013-06-24 00:16 EDT (History)
3 users (show)

See Also:
Fixed In Version: 4.2.4-6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-11-14 22:53:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-10-12 10:51:47 EDT
Normally you can only see email addresses for bugzilla users when you are logged
in with a valid account.  When a bug is cloned, the various comments are placed
into the initial comment textbox by default.  As bug 170518 shows, the email
addresses of the people who made the previous comments are leaked.
Comment 1 David Lawrence 2006-04-08 14:03:13 EDT
Red Hat's current Bugzilla version is 2.18. I am moving all older open bugs to
this version. Any bugs against the older versions will need to be verified that
they are still bugs. This will help me also to sort them better.
Comment 2 David Lawrence 2008-09-16 12:53:45 EDT
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code.
Updating bug version to 3.2.
Comment 3 David Lawrence 2008-12-01 00:17:17 EST
Verified this is still issue in 3.2. Need to update enter_bug.cgi to clean out email addresses from cloned comments.
Comment 4 David Lawrence 2010-01-15 11:55:02 EST
Red Hat Bugzilla is now using version 3.4 of the Bugzilla codebase and
therefore this bug will need to be re-verified against the new release. With
the updated code this bug may no longer be relevant or may have been fixed in
the new code. Updating bug version to 3.4.
Comment 5 David Lawrence 2010-08-25 17:42:50 EDT
Red Hat has now upgraded to Bugzilla 3.6 and this bug will now be reassigned to that version. It would be helpful to the Bugzilla Development Team if this bug is verified to still be an issue with the latest version. If it is no longer an issue, then feel free to close, otherwise please comment that it is still a problem and we will try to address the issue as soon as we can.

Thanks
Bugzilla Development Team
Comment 7 Jeff Fearn 2012-05-30 00:44:06 EDT
As part of the recent Bugzilla 4.2 upgrade the Bugzilla team are cleaning up bugs opened against old versions of Bugzilla. This bug has been flagged as an old bug and will be CLOSED WONTFIX in 7 days time.

If you believe this bug is an issue in the latest Bugzilla version please comment on this bug within 7 days. Doing so will ensure this bug is not closed automatically.

Thanks, the Bugzilla team.
Comment 8 Jeff Fearn 2012-05-30 00:44:34 EDT
As part of the recent Bugzilla 2.4 upgrade the Bugzilla team are cleaning up bugs opened against old versions of Bugzilla. This bug has been flagged as an old bug and will be CLOSED WONTFIX in 7 days time.

If you believe this bug is an issue in the latest Bugzilla version please comment on this bug within 7 days. Doing so will ensure this bug is not closed automatically.

Thanks, the Bugzilla team.
Comment 9 Josh Bressers 2012-06-04 11:57:19 EDT
This behavior still exists and should probably be fixed.
Comment 10 Simon Green 2012-06-14 20:59:14 EDT
I guess the solution is to put the name instead of the e-mail address in cloned comments. Any change would only affect cloned bugs from that point on, we would not change existing cloned bugs.

  -- simon
Comment 11 Simon Green 2012-06-20 02:00:16 EDT
*** Bug 651134 has been marked as a duplicate of this bug. ***
Comment 12 Jeff Fearn 2012-06-20 23:53:43 EDT
These bugs have been flagged as still relevant and are being reset to default values for PM consideration.
Comment 13 Simon Green 2012-07-19 01:29:22 EDT
*** Bug 650397 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.