Fedora 20 Security Update: bugzilla-4.2.13-1.fc20

Resolved Bugs
1185484 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [fedora-all]
1070979 – Access to /var/lib/bugzilla/data/webdot is denied by default bugzilla.conf
1185483 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes<br
This is a security update for Bugzilla which fixes two issues:
* A user with editcomponents permissions could possibly inject system
commands in product names and possibly other attributes.
* Methods from imported modules could possibly be executed using
the WebService API.
The first issue is tracked as CVE-2014-8630.
See https://www.bugzilla.org/security/4.0.15/ for all the details.

Leave a Reply