stable

bugzilla-4.4.8-1.fc21.1

FEDORA-2015-1713 created by eseyman 7 years ago for Fedora 21

This is a security update for Bugzilla which fixes two issues:

  • A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes.
  • Methods from imported modules could possibly be executed using the WebService API.

The first issue is tracked as CVE-2014-8630. See https://www.bugzilla.org/security/4.0.15/ for all the details.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2015-1713

This update has been submitted for testing by eseyman.

7 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/34404/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/34404/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for stable by eseyman.

7 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36609/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

7 years ago

This update has been pushed to stable

7 years ago

Metadata
  Type: security
  Karma: 0
  Signed
  Content Type: RPM
  Test Gating
Settings
  Unstable by Karma: -3
  Stable by Karma: disabled
  Stable by Time: disabled
Dates
  submitted: 7 years ago
  in testing: 7 years ago
  in stable: 7 years ago
BZ#1070979 Access to /var/lib/bugzilla/data/webdot is denied by default bugzilla.conf
BZ#1185483 CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
BZ#1185484 CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [fedora-all]

Automated Test Results

None