[Bug 1205913] New: Please branch perl-Chart for EPEL7
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1205913
Bug ID: 1205913
Summary: Please branch perl-Chart for EPEL7
Product: Fedora EPEL
Version: epel7
Component: perl-Chart
Assignee: psabata(a)redhat.com
Reporter: jamielinux(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
psabata(a)redhat.com, steve(a)silug.org
It seems to build fine using the f21 srpm. (The rawhide srpm complains that
perl-ExtUtils-MakeMaker is too old.)
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 1 month
[Bug 1546887] New: CVE-2018-5123 bugzilla:
CSRF in report.cgi allows to extract confidential information from a bug
[epel-6]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1546887
Bug ID: 1546887
Summary: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to
extract confidential information from a bug [epel-6]
Product: Fedora EPEL
Version: el6
Component: bugzilla
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: itamar(a)ispbrasil.com.br
Reporter: lpardo(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br,
perl-devel(a)lists.fedoraproject.org
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 1 month
[Bug 1185483] New: CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1185483
Bug ID: 1185483
Summary: CVE-2014-8630 Bugzilla: Command Injection into product
names and other attributes
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br,
perl-devel(a)lists.fedoraproject.org,
xavier(a)bachelot.org
The Bugzilla project reports:
Class: Command Injection
Versions: All versions before 4.0.16, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6,
4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Some code in Bugzilla does not properly utilize 3 arguments form
for open() and it is possible for an account with editcomponents
permissions to inject commands into product names and other
attributes.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE Number: CVE-2014-8630
External references:
http://www.bugzilla.org/security/4.0.15/
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wv1CAf1O1K&a=cc_unsubscribe
6 years, 1 month
[Bug 1150091] New: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1150091
Bug ID: 1150091
Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla:
security fixes release
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br, mcepl(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Upstream has issued an advisory today (October 6):
http://www.bugzilla.org/security/4.0.14/
Class: Unauthorized Account Creation
Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to
the
user being created with a different email address than originally
requested. The overridden login name could be automatically added
to groups based on the group's regular expression setting.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE Number: CVE-2014-1572
Class: Cross-Site Scripting
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: During an audit of the Bugzilla code base, several places
were found where cross-site scripting exploits could occur which
could allow an attacker to access sensitive information.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE Number: CVE-2014-1573
Class: Information Leak
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: If a new comment was marked private to the insider group, and a
flag
was set in the same transaction, the comment would be visible to
flag recipients even if they were not in the insider group.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE Number: CVE-2014-1571
Class: Social Engineering
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: Search results can be exported as a CSV file which can then be
imported into external spreadsheet programs. Specially formatted
field values can be interpreted as formulas which can be executed
and used to attack a user's computer.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0XmWcvadmK&a=cc_unsubscribe
6 years, 1 month