Description of problem: The current version of bugzilla in f7 has three major security issues as described in bugzilla.org's security advisory from 23rd of August: http://www.bugzilla.org/security/2.20.4/ As the issues are pretty severe, we have currently disabled our local bugzilla to protect our server from abuse. Version-Release number of selected component (if applicable): bugzilla-3.0-3.fc7 Additional info: Related bugzilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=386942 https://bugzilla.mozilla.org/show_bug.cgi?id=386860 https://bugzilla.mozilla.org/show_bug.cgi?id=382056
Updates for FC-6, EL-4, EL-5 built in plague. update for F-7 built in Koji. Pushing F-7 update via Bodhi now.
*** Bug 256461 has been marked as a duplicate of this bug. ***
bugzilla-3.0.1-0.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
CVE assigned identifiers CVE-2007-4543, CVE-2007-4539 and CVE-2007-4538 to these issues.