Software update: Bugzilla 2.16.6

Following some security issues, Mozilla.org has released version 2.16.6 of Bugzilla. Bugzilla uses Perl and MySQL, and is so-called ‘bug tracking software’. With such a program, developers can clearly prioritize the bug reports and feature requests submitted by users and then deal with them. Besides Mozilla.org itself, Bugzilla is used by many other developers. The release notes announce the following changes:

  • If Bugzilla is configured to hide entire products from some users, both duplicates.cgi and the form for mass-editing a list of bugs in buglist.cgi can disclose the names of those hidden products to such users. (bugs 234825 and 234855)
  • Several administration CGIs echo invalid data back to the user without escaping it. (bug 235265)
  • A user with privileges to grant membership to any group (i.e., usually an administrator) can trick editusers.cgi into executing arbitrary SQL. (bug 244272)
  • Allow XML import to function when there are regexp metacharacters in product names (bug 237591)
  • Allow the bug_email.pl contrib script to work with useqacontact (bug 239912)
  • Improve the error message used by checksetup.pl when the MySQL requirements are not met (bug 240228)
  • Eliminate the warning in checksetup.pl about the minimum sendmail version (bug 240060)
  • $webservergroup now defaults to group ‘apache’ in new installations (bug 224477)
  • Correct a situation where a bugmail message could be sent twice to a user being added to the CC list if the address was entered in a different case than the user registered with. (bug 117297)
  • Various documentation updates

Version number 2.16.6
Website bugzilla
Download
License type Conditions (GNU/BSD/etc.)