Bug 256461 - New release of Bugzilla fixes several security flaws
Status: CLOSED DUPLICATE of bug 256021
Product: Fedora
Classification: Fedora
Component: bugzilla
medium Severity low
Assigned To: John Berninger
Fedora Extras Quality Assurance
: Security
Reported: 2007-08-27 10:03 EDT by Lubomir Kundrak
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-08-27 11:25:22 EDT
Description Lubomir Kundrak 2007-08-27 10:03:42 EDT
The upstream advisory reads:

Issue 1
Class:       Cross-Site Scripting
Versions:    2.17.1 and above
Description: Bugzilla does not properly escape the 'buildid' field in
             the guided form when filing bugs. From 2.17.1 till 2.23.3,
             this field was based exclusively on the User-Agent string
             returned by your web browser. Since 2.23.4, this parameter
             can be defined in the URL passed to enter_bug.cgi, overwriting
             the User-Agent string and may lead to cross-site scripting.
             The guided form is not usually used by Bugzilla installations,
             as it is shipped only as an example to be modified for their
             own use.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=386942

Issue 2
Class:       Command Injection
Versions:    2.23.4 and above
Description: Bugzilla 2.23.4 and newer use the Email:: modules instead
             of the Mail:: and MIME:: ones. The argument passed to the -f
             option of Email::Send::Sendmail() is insufficiently escaped
             and may lead to limited command injection when called from
             email_in.pl, a script which was also introduced in 2.23.4.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=386860

Issue 3
Class:       Information Leak
Versions:    2.23.3 and above
Description: Bugzilla's WebService (XML-RPC) interface allows you to access
             the time-tracking fields (such as Deadline, Estimated Time, etc.)
             on all bugs, even if you normally cannot access time-tracking
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=382056
Comment 1 Lubomir Kundrak 2007-08-27 10:08:01 EDT
CVE identifiers for each of these bugs were requested.
Comment 2 Lubomir Kundrak 2007-08-27 11:25:22 EDT

*** This bug has been marked as a duplicate of 256021 ***
