LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-3442 (bugzilla)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: bugzilla-3.0.4-1.fc8


Date:
    	      Sat, 10 May 2008 13:51:30 +0000


Message-ID:
    	      <200805101409.m4AE95LO021423@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-3442
2008-05-09 22:13:43
--------------------------------------------------------------------------------

Name        : bugzilla
Product     : Fedora 8
Version     : 3.0.4
Release     : 1.fc8
URL         : http://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects.  It requires a database engine installed - either MySQL or
PostgreSQL.  Without one of these database engines, Bugzilla will not work.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.0.4 to resolve multiple sec vulns
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  9 2008 John Berninger <john at ncphotography dot com> - 3.0.4-1
- Update to upstream 3.0.4 to fix multiple security vulns
- Change perms on /etc/bugzilla for bz 427981
* Fri Dec 28 2007 John Berninger <john at ncphotography dot com> - 3.0.2-6
- Add cron.daily, cron.whine to payload list
* Fri Dec 28 2007 John Berninger <john at ncphotography dot com> - 3.0.2-5
- Typo in spec file, rebuild
* Fri Dec 28 2007 John Berninger <john at ncphotography dot com> - 3.0.2-3
- bz 426465 - don't enable cron jobs so cron doesn't complain about
  an unconfigured installation
* Fri Oct 26 2007 John Berninger <john at ncphotography dot com> - 3.0.2-2
- fix issue with AlowOverride Options
* Mon Oct 22 2007 John Berninger <john at ncphotography dot com> - 3.0.2-1
- updates to requires and httpd conf for BZ's 279961, 295861, 339531
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #445819 - CVE-2008-2103 bugzilla: Cross-Site Scripting in the the "Format for Printing"
view
        https://bugzilla.redhat.com/show_bug.cgi?id=445819
  [ 2 ] Bug #445820 - CVE-2008-2105 bugzilla: Account Impersonation via email interface
        https://bugzilla.redhat.com/show_bug.cgi?id=445820
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds