From a9aa10209a82ee3fafc765fa3764b6784ef7ff28 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Buclin?=
Date: Tue, 13 Nov 2012 18:19:46 +0100
Subject: [PATCH] Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description r=gerv a=LpSolit
---
 Bugzilla/Attachment.pm | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index 982435a3ac..ba6c25736a 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -766,11 +766,8 @@ sub validate_obsolete {
 $attachment->validate_can_edit($bug->product_id) || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
- $vars->{'description'} = $attachment->description;
-
 if ($attachment->bug_id != $bug->bug_id) {
 $vars->{'my_bug_id'} = $bug->bug_id;
- $vars->{'attach_bug_id'} = $attachment->bug_id;
 ThrowUserError('mismatched_bug_ids_on_obsolete', $vars);
 }
-- 
2.47.2