[Bug 1185483] New: CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1185483
Bug ID: 1185483
Summary: CVE-2014-8630 Bugzilla: Command Injection into product
names and other attributes
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br,
perl-devel(a)lists.fedoraproject.org,
xavier(a)bachelot.org
The Bugzilla project reports:
Class: Command Injection
Versions: All versions before 4.0.16, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6,
4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Some code in Bugzilla does not properly utilize 3 arguments form
for open() and it is possible for an account with editcomponents
permissions to inject commands into product names and other
attributes.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE Number: CVE-2014-8630
External references:
http://www.bugzilla.org/security/4.0.15/
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wv1CAf1O1K&a=cc_unsubscribe
6 years
[Bug 1150091] New: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1150091
Bug ID: 1150091
Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla:
security fixes release
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br, mcepl(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Upstream has issued an advisory today (October 6):
http://www.bugzilla.org/security/4.0.14/
Class: Unauthorized Account Creation
Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to
the
user being created with a different email address than originally
requested. The overridden login name could be automatically added
to groups based on the group's regular expression setting.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE Number: CVE-2014-1572
Class: Cross-Site Scripting
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: During an audit of the Bugzilla code base, several places
were found where cross-site scripting exploits could occur which
could allow an attacker to access sensitive information.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE Number: CVE-2014-1573
Class: Information Leak
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: If a new comment was marked private to the insider group, and a
flag
was set in the same transaction, the comment would be visible to
flag recipients even if they were not in the insider group.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE Number: CVE-2014-1571
Class: Social Engineering
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: Search results can be exported as a CSV file which can then be
imported into external spreadsheet programs. Specially formatted
field values can be interpreted as formulas which can be executed
and used to attack a user's computer.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0XmWcvadmK&a=cc_unsubscribe
6 years
[Bug 1347302] New: Please build perl-Crypt-SMIME for EPEL 7
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1347302
Bug ID: 1347302
Summary: Please build perl-Crypt-SMIME for EPEL 7
Product: Fedora EPEL
Version: epel7
Component: perl-Crypt-SMIME
Assignee: steve.traylen(a)cern.ch
Reporter: xavier(a)bachelot.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
steve.traylen(a)cern.ch
Hi,
I would need perl-Crypt-SMIME in EPEL 7 for another package.
Could you please branch and build ?
I can (co-)maintain the branch if you wish.
Regards,
Xavier
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 1 month
[Bug 1331520] New: Please update perl-Crypt-SMIME to at least 0.15
in EPEL 6
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1331520
Bug ID: 1331520
Summary: Please update perl-Crypt-SMIME to at least 0.15 in
EPEL 6
Product: Fedora EPEL
Version: el6
Component: perl-Crypt-SMIME
Assignee: steve.traylen(a)cern.ch
Reporter: xavier(a)bachelot.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
steve.traylen(a)cern.ch
Hi,
I'd like perl-Crypt-SMIME to be updated to at least version 0.15 in EPEL 6 in
order to build another package.
Thanks and regards,
Xavier
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 1 month
[Bug 1380983] New:
Package metadata for perl-Gtk2-Unique lists the wrong URL.
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1380983
Bug ID: 1380983
Summary: Package metadata for perl-Gtk2-Unique lists the wrong
URL.
Product: Fedora
Version: rawhide
Component: perl-Gtk2-Unique
Assignee: liangsuilong(a)gmail.com
Reporter: andrew(a)tosk.in
QA Contact: extras-qa(a)fedoraproject.org
CC: liangsuilong(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Hello, liangsuilong
This is a fairly minor problem, but the package metadata for perl-Gtk2-Unique
is out-of-date. It currently lists the project's URL as
https://live.gnome.org/LibUnique.
but GNOME no longer uses the "live" subdomain; requests now get redirected to
the wiki. The newer equivalent URL is
https://wiki.gnome.org/Attic/LibUnique
...but that page says libunique is deprecated and offers a link to the
GtkApplication porting guide.
(I'm filing this same bug report for multiple packages, so I apologize if you
see this issue twice.)
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 2 months
[Bug 1315525] New: perl-Net-DNS-1.05 is available
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1315525
Bug ID: 1315525
Summary: perl-Net-DNS-1.05 is available
Product: Fedora
Version: rawhide
Component: perl-Net-DNS
Keywords: FutureFeature, Triaged
Assignee: pwouters(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
psabata(a)redhat.com, pwouters(a)redhat.com
Latest upstream release: 1.05
Current version/release in rawhide: 1.04-3.fc24
URL: http://search.cpan.org/dist/Net-DNS/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 2 months
[Bug 1389064] New: EPEL7 branch missing (required for psad)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1389064
Bug ID: 1389064
Summary: EPEL7 branch missing (required for psad)
Product: Fedora
Version: rawhide
Component: perl-IPTables-ChainMgr
Assignee: mitr(a)redhat.com
Reporter: dominik(a)greysector.net
QA Contact: extras-qa(a)fedoraproject.org
CC: mitr(a)redhat.com, perl-devel(a)lists.fedoraproject.org
Description of problem:
EPEL7 branch is missing for perl-IPTables-ChainMgr, preventing psad from being
installed. Please build it for EPEL7.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 2 months