Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2103 to the following vulnerability:

Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.

Fixed upstream in: 3.0.4, 3.1.4, 2.22.4, and 2.20.6

References:
http://www.bugzilla.org/security/2.20.5/
https://bugzilla.mozilla.org/show_bug.cgi?id=425665
http://www.securityfocus.com/bid/29038
http://www.frsirt.com/english/advisories/2008/1428/references
http://www.securitytracker.com/id?1019967
http://secunia.com/advisories/30064
http://xforce.iss.net/xforce/xfdb/42216
Affects Fedora and EPEL5.
bugzilla-3.0.4-1.fc7 has been submitted as an update for Fedora 7
bugzilla-3.0.4-1.fc8 has been submitted as an update for Fedora 8
bugzilla-3.0.4-1.fc9 has been submitted as an update for Fedora 9
bugzilla-3.0.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.0.4-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-3488
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3442
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-3668
bugzilla-3.0.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.