Re: [closed] Re: Bugzilla under attack?

From: Frans Englich <englich@kde.org>
Date: Fri, 30 Mar 2007 12:45:20 +0200
To: olivier Thereaux <ot@w3.org>
Cc: Norman Walsh <Norman.Walsh@sun.com>, sysreq@w3.org, Henry Thompson <ht@cogsci.ed.ac.uk>, "C. M. Sperberg-McQueen" <cmsmcq@w3.org>, public-qt-comments@w3.org, public-xml-processing-model-wg@w3.org
Message-Id: <200703301245.21291.englich@kde.org>

On Friday 30 March 2007 05:08, olivier Thereaux wrote:
> On Mar 30, 2007, at 04:12 , Norman Walsh wrote:
> > This is either vandalism or automated error, depending on
> > paula-ste@tiscali.co.uk's motivations. Several QT bugs have been
> > changed and several XProc bugs as well. All in the same way.
> Jean-Gui and I looked into it, and after some investigation and a lot
> of sed and sql later, the affected bugs have been reverted to their
> original state, the user's account disabled, and I've changed the
> settings of the public bugzilla so that this never happens again.

I don't know if it was intentional, but for me it's now not possible to change 
the assignee of reports. When doing so I get:

"You tried to change the Assignee field from andrew.eisenberg@us.ibm.com to 
carmelo@nist.gov , but only the assignee of the bug, or a sufficiently 
empowered user may change that field."

Of course, if this is necessary in order to reach required security it is 
unfortunate, but otherwise I'd say it's a useful feature.



PS. These Bugzilla changes caught my attention as well, but were fixed at that 
point. I did some investigation on the email address and it maps to a 
person's name and seems to be valid. If this was an attack, that email address 
probably was compromised.
Received on Friday, 30 March 2007 10:43:26 UTC
