Fedora alert FEDORA-2013-19480 (bugzilla)

Subject:  [SECURITY] Fedora 19 Update: bugzilla-4.2.7-1.fc19
Date:  Tue, 29 Oct 2013 03:47:45 +0000
Message-ID:  <>
Archive-link:  Article, Thread

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-19480
2013-10-19 07:32:23
--------------------------------------------------------------------------------

Name        : bugzilla
Product     : Fedora 19
Version     : 4.2.7
Release     : 1.fc19
URL         :
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source projects.
It requires a database engine installed - either MySQL, PostgreSQL or Oracle.
Without one of these database engines (local or remote), Bugzilla will not work
- see the Release Notes for details.

--------------------------------------------------------------------------------
Update Information:

The following security issues have been discovered in Bugzilla 4.2.6:

* A CSRF vulnerability in attachment.cgi can lead to an attachment being
  edited without the user's consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered field
  values in tabular reports can lead to XSS.

Version 4.2.7 (this one) fixes all these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 17 2013 Emmanuel Seyman <> - 4.2.7-1
- Update to 4.2.7 (security updates)
- Patch bugzilla to write compiled templates under /var (#949130)
* Sun Aug 4 2013 Emmanuel Seyman <> - 4.2.6-2
- Change apache conf to enable access to all machines
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1020452 - CVE-2013-1734 CVE-2013-1742 CVE-2013-1743 bugzilla: multiple flaws corrected in upstream 4.0.11, 4.2.7, 4.4.1
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum",
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds