[Bug 1205913] New: Please branch perl-Chart for EPEL7
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1205913
Bug ID: 1205913
Summary: Please branch perl-Chart for EPEL7
Product: Fedora EPEL
Version: epel7
Component: perl-Chart
Assignee: psabata(a)redhat.com
Reporter: jamielinux(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
psabata(a)redhat.com, steve(a)silug.org
It seems to build fine using the f21 srpm. (The rawhide srpm complains that
perl-ExtUtils-MakeMaker is too old.)
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years
[Bug 1185483] New: CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1185483
Bug ID: 1185483
Summary: CVE-2014-8630 Bugzilla: Command Injection into product
names and other attributes
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br,
perl-devel(a)lists.fedoraproject.org,
xavier(a)bachelot.org
The Bugzilla project reports:
Class: Command Injection
Versions: All versions before 4.0.16, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6,
4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Some code in Bugzilla does not properly utilize 3 arguments form
for open() and it is possible for an account with editcomponents
permissions to inject commands into product names and other
attributes.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE Number: CVE-2014-8630
External references:
http://www.bugzilla.org/security/4.0.15/
6 years, 1 month
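The CVE-2014-8630 description above turns on the difference between Perl's 2-argument and 3-argument open(). The following is an added example, not Bugzilla code and not part of the advisory. It assumes a POSIX system with an echo command, and the attribute value and function names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Work in a scratch directory that is removed on exit.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Constructed attribute value. The trailing "|" is legal in a POSIX file
# name, but 2-argument open() reads it as "run this and read its output".
my $name = 'echo MODE-CAME-FROM-DATA |';

# Create a file with exactly that name; 3-argument open() takes it literally.
open(my $out, '>', $name) or die "create: $!";
print {$out} "contents of the file\n";
close $out or die "close: $!";

# Pattern the advisory describes: the mode is parsed out of the string.
sub first_line_two_arg {
    my ($path) = @_;
    open(my $fh, $path) or return "open failed: $!\n";
    my $line = <$fh>;
    close $fh;
    return defined $line ? $line : "(empty)\n";
}

# Hardened form: the mode is a separate literal, $path is only a file name.
sub first_line_three_arg {
    my ($path) = @_;
    open(my $fh, '<', $path) or return "open failed: $!\n";
    my $line = <$fh>;
    close $fh;
    return defined $line ? $line : "(empty)\n";
}

print '2-arg: ', first_line_two_arg($name);     # reads the command's output
print '3-arg: ', first_line_three_arg($name);   # reads the file itself

chdir $start or die "chdir $start: $!";         # leave before cleanup runs
```

When auditing a Perl code base for this class, every open() whose second argument is a variable or an interpolated string is a candidate; the fix is to pass the mode as its own argument.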
[Bug 1150091] New: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1150091
Bug ID: 1150091
Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla:
security fixes release
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br, mcepl(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Upstream has issued an advisory today (October 6):
http://www.bugzilla.org/security/4.0.14/
Class: Unauthorized Account Creation
Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to the
user being created with a different email address than originally
requested. The overridden login name could be automatically added
to groups based on the group's regular expression setting.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE Number: CVE-2014-1572
Class: Cross-Site Scripting
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: During an audit of the Bugzilla code base, several places
were found where cross-site scripting exploits could occur which
could allow an attacker to access sensitive information.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE Number: CVE-2014-1573
Class: Information Leak
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: If a new comment was marked private to the insider group, and a flag
was set in the same transaction, the comment would be visible to
flag recipients even if they were not in the insider group.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE Number: CVE-2014-1571
Class: Social Engineering
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: Search results can be exported as a CSV file which can then be
imported into external spreadsheet programs. Specially formatted
field values can be interpreted as formulas which can be executed
and used to attack a user's computer.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
6 years, 1 month
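For the "Social Engineering" item above (field values interpreted as formulas after CSV export), one common export-side mitigation is to force such cells to import as text. This is an added example, not Bugzilla's actual fix; the function names and sample rows are constructed, and the apostrophe-prefix approach is an assumption about what the consuming spreadsheet honours.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Leading characters that spreadsheet programs treat as starting a formula.
my $FORMULA_START = qr/^[=+\-@\t\r]/;

# Return one CSV cell: neutralised if it looks like a formula, then quoted.
sub neutralize_cell {
    my ($value) = @_;
    $value = '' unless defined $value;
    # An apostrophe prefix makes the spreadsheet import the cell as text.
    $value = "'" . $value if $value =~ $FORMULA_START;
    # Standard CSV quoting: double embedded quotes, wrap the cell in quotes.
    $value =~ s/"/""/g;
    return qq{"$value"};
}

sub csv_row {
    my @cells = @_;
    return join(',', map { neutralize_cell($_) } @cells) . "\r\n";
}

# Constructed search results: bug id, summary, status.
my @rows = (
    [ 1001, 'Crash on startup',      'NEW'      ],
    [ 1002, '=SUM(A1:A9)',           'NEW'      ],   # would import as a formula
    [ 1003, '-2 offset in "pager"',  'ASSIGNED' ],   # leading minus, embedded quotes
);

print csv_row(@$_) for @rows;
```

The prefix also changes legitimate values that start with a minus or plus sign, so apply it only to free-text fields that users control.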
[Bug 1438957] New: icons are missing on bugzilla's front page
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1438957
Bug ID: 1438957
Summary: icons are missing on bugzilla's front page
Product: Fedora
Version: 25
Component: bugzilla
Assignee: itamar(a)ispbrasil.com.br
Reporter: emmanuel(a)seyman.fr
QA Contact: extras-qa(a)fedoraproject.org
CC: adrian(a)lisas.de, bazanluis20(a)gmail.com,
dwt(a)poltec.com, emmanuel(a)seyman.fr,
extras-qa(a)fedoraproject.org, hughbragg(a)tpg.com.au,
itamar(a)ispbrasil.com.br,
perl-devel(a)lists.fedoraproject.org
Depends On: 1403588
--- Additional comment from Dennis W. Tokarski on 2016-12-21 18:32:34 EST ---
And by the way, once you get the home page to render, the large
icons for bug/search/usr/docs are missing.
The client is trying to fetch e.g /skins/standard/index/search.png and getting
a 404. It should be trying for /bugzilla/skins....
Temporary fix is to edit bugzilla.conf again and at the top add
Alias /skins /usr/share/bugzilla/skins
Looks like a bug in the cgi script for the home page.
Sorry for not filing this separately, emmanuel, but since you're on this
anyway...
Hope this helps.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1403588
[Bug 1403588] /usr/share/bugzilla/assets/.htaccess: Require not allowed here
6 years, 2 months
[Bug 1347302] New: Please build perl-Crypt-SMIME for EPEL 7
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1347302
Bug ID: 1347302
Summary: Please build perl-Crypt-SMIME for EPEL 7
Product: Fedora EPEL
Version: epel7
Component: perl-Crypt-SMIME
Assignee: steve.traylen(a)cern.ch
Reporter: xavier(a)bachelot.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
steve.traylen(a)cern.ch
Hi,
I would need perl-Crypt-SMIME in EPEL 7 for another package.
Could you please branch and build ?
I can (co-)maintain the branch if you wish.
Regards,
Xavier
6 years, 2 months
[Bug 1331520] New: Please update perl-Crypt-SMIME to at least 0.15 in EPEL 6
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1331520
Bug ID: 1331520
Summary: Please update perl-Crypt-SMIME to at least 0.15 in
EPEL 6
Product: Fedora EPEL
Version: el6
Component: perl-Crypt-SMIME
Assignee: steve.traylen(a)cern.ch
Reporter: xavier(a)bachelot.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
steve.traylen(a)cern.ch
Hi,
I'd like perl-Crypt-SMIME to be updated to at least version 0.15 in EPEL 6 in
order to build another package.
Thanks and regards,
Xavier
6 years, 2 months
[Bug 1459433] New: Unescaped % character in changelog
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1459433
Bug ID: 1459433
Summary: Unescaped % character in changelog
Product: Fedora
Version: rawhide
Component: perl-Plack
Severity: low
Assignee: rc040203(a)freenet.de
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de
perl-Plack-1.0044-2.fc27 has this entry in its %changelog section:
* Fri Jan 29 2016 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 1.0034-4
- Modernize spec.
- Remove ref to %%{perl_vendorlib}/Plack/Server/Apache1.pm.
- Exclude stray %{_mandir}/man3/Plack::Handler::Apache1.3pm* manpage.
The last line should escape the per-cent character by another per-cent
character.
6 years, 2 months