    - update to latest release [1] · ae9d631b
    ohauer authored
    - use PKGNAMESUFFIX instead of LATEST_LINK
    - whitespace cleanup
    - svn mv */bugzilla to */bugzilla40
    - add vuxml entry
    
    4.4.1, 4.2.7, and 4.0.11 Security Advisory
    Wednesday Oct 16th, 2013
    
    Summary
    =======
    
    Bugzilla is a Web-based bug-tracking system used by a large number of
    software projects. The following security issues have been discovered
    in Bugzilla:
    
    * A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
      can lead to a bug being edited without the user's consent.
    
    * A CSRF vulnerability in attachment.cgi can lead to an attachment
      being edited without the user's consent.
    
    * Several unfiltered parameters when editing flagtypes can lead to XSS.
    
    * Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
      field values in tabular reports can lead to XSS.
    
    All affected installations are encouraged to upgrade as soon as
    possible.
    
    [1] even though bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended
    
    Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
    		CVE-2013-1733
    		CVE-2013-1734
    		CVE-2013-1742
    		CVE-2013-1743