[ MDVSA-2015:030 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:030
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bugzilla
 Date    : February 5, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated bugzilla packages fix security vulnerability:
 
 Some code in Bugzilla does not properly utilize 3 arguments form
 for open() and it is possible for an account with editcomponents
 permissions to inject commands into product names and other attributes
 (CVE-2014-8630).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8630
 http://advisories.mageia.org/MGASA-2015-0048.html
 _____________________________________________________

007 Software

[ MDVSA-2015:030 ] bugzilla

Leave a Reply Cancel reply

Software and Security Information