Posted: Fri Jun 04, 2010 6:26 am Post subject: [ GLSA 201006-19 ] Bugzilla: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Bugzilla: Multiple vulnerabilities (GLSA 201006-19)
Date: June 04, 2010
Bug(s): #239564, #258592, #264572, #284824, #303437, #303725
Bugzilla is prone to multiple medium severity vulnerabilities.
Bugzilla is a bug tracking system from the Mozilla project.
Vulnerable: < 3.2.6
Unaffected: >= 3.2.6
Architectures: All supported architectures
Multiple vulnerabilities have been reported in Bugzilla. Please review
the CVE identifiers referenced below for details.
A remote attacker might be able to disclose local files, bug
information, passwords, and other data under certain circumstances.
Furthermore, a remote attacker could conduct SQL injection, Cross-Site
Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via
There is no known workaround at this time.
All Bugzilla users should upgrade to an unaffected version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.2.6"
Bugzilla 2.x and 3.0 have reached their end of life. There will be no
more security updates. All Bugzilla 2.x and 3.0 users should update to
a supported Bugzilla 3.x version.