Resolved Bugs
1185484 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [fedora-all]
1185483 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
1070979 – Access to /var/lib/bugzilla/data/webdot is denied by default bugzilla.conf<br
This is a security update for Bugzilla which fixes two issues:
* A user with editcomponents permissions could possibly inject system
commands in product names and possibly other attributes.
* Methods from imported modules could possibly be executed using
the WebService API.
The first issue is tracked as CVE-2014-8630.
See https://www.bugzilla.org/security/4.0.15/ for all the details.