[ MDVSA-2014:200 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:200
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bugzilla
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated bugzilla packages fix security vulnerabilities:
 
 If a new comment was marked private to the insider group, and a flag
 was set in the same transaction, the comment would be visible to flag
 recipients even if they were not in the insider group (CVE-2014-1571).
 
 An attacker creating a new Bugzilla account can override certain
 parameters when finalizing the account creation that can lead to the
 user being created with a different email address than originally
 requested. The overridden login name could be automatic
