Bug 436546 - (CVE-2008-1474) CVE-2008-1474 Roundup 1.4.4 contains security fixes
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
high Severity high
Assigned To: Red Hat Product Security
: Security
Depends On: 436547 436548 436549
Reported: 2008-03-07 15:25 EST by Lubomir Kundrak
Modified: 2008-06-06 03:42 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-23 02:15:19 EDT
Description Lubomir Kundrak 2008-03-07 15:25:24 EST
1.) First one is this:


The ticket more-or-less describes the fix
The pertinent changes are these:


2.) And second one will probably need some more thinking; all upstream says is
"security fix"



Serious business:


I might have forgotten some as well:

Comment 1 Lubomir Kundrak 2008-03-07 15:30:13 EST
CVE names requested
Comment 3 Paul P Komkoff Jr 2008-03-07 17:36:58 EST
Thank you for bringing this to my attention.
I am putting together 1.4.4 rpm now.
Comment 4 Paul P Komkoff Jr 2008-03-07 18:24:29 EST
This is my first security update; shall I wait for CVE names to include them
in the %changelog, or can I just go ahead and build everything now? Thanks.
Comment 5 Lubomir Kundrak 2008-03-08 02:07:40 EST
Paul, feel free to build the packages even without the CVE names. Refer to this
bug report in changelog. Thanks!
Comment 6 Paul P Komkoff Jr 2008-03-09 08:11:20 EDT
I've done the builds. If/when you have CVE numbers, you can create the updates.
Or I can do it if you say so.
Comment 7 Lubomir Kundrak 2008-03-09 11:06:05 EDT
Please create the updates.

Comment 8 Fedora Update System 2008-03-10 07:06:06 EDT
roundup-1.4.4-1.fc7 has been submitted as an update for Fedora 7
Comment 9 Fedora Update System 2008-03-10 07:07:15 EDT
roundup-1.4.4-1.fc8 has been submitted as an update for Fedora 8
Comment 10 Fedora Update System 2008-03-13 03:38:58 EDT
roundup-1.4.4-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2008-03-13 03:48:55 EDT
roundup-1.4.4-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Red Hat Product Security 2008-04-23 02:15:19 EDT
This issue was addressed in:


Comment 13 Tomas Hoger 2008-06-06 03:42:51 EDT

Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact
and attack vectors, some of which may be related to cross-site scripting (XSS).
