U radu programskog paketa Bugzilla otkriveni su višestruki sigurnosni propusti koji napadaču omogućuju umetanje proizvoljnih e-mail zaglavlja, otkrivanje osjetljivih informacija te umetanje proizvoljne web skripte ili HTML koda.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10426
2011-08-05 23:29:08
--------------------------------------------------------------------------------

Name        : bugzilla
Product     : Fedora 15
Version     : 3.6.6
Release     : 1.fc15
URL         : http://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects
It requires a database engine installed - either MySQL, PostgreSQL or Oracle.
Without one of these database engines (local or remote), Bugzilla will not
work
- see the Release Notes for details.

--------------------------------------------------------------------------------
Update Information:

The Bugzilla developers have discovered a number of security bugs in Bugzilla.
These are CVE-2011-2379, CVE-2011-2380, CVE-2011-2979, CVE-2011-2381,
CVE-2011-2978, CVE-2011-2977.

This release fixes these bugs.
See http://www.bugzilla.org/security/3.4.11/ for all known details.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug  5 2011 Emmanuel Seyman <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.6.6-1
- Update to 3.6.6
- Move graphs to /var/lib/bugzilla/graphs.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #710142 - SELinux is preventing /usr/bin/perl from 'write' accesses
on the directory /usr/share/bugzilla/graphs.
        https://bugzilla.redhat.com/show_bug.cgi?id=710142
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10413
2011-08-05 23:28:42
--------------------------------------------------------------------------------

Name        : bugzilla
Product     : Fedora 14
Version     : 3.6.6
Release     : 1.fc14
URL         : http://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects
It requires a database engine installed - either MySQL, PostgreSQL or Oracle.
Without one of these database engines (local or remote), Bugzilla will not
work
- see the Release Notes for details.

--------------------------------------------------------------------------------
Update Information:

The Bugzilla developers have discovered a number of security bugs in Bugzilla.
These are CVE-2011-2379, CVE-2011-2380, CVE-2011-2979, CVE-2011-2381,
CVE-2011-2978, CVE-2011-2977.

This release fixes these bugs.
See http://www.bugzilla.org/security/3.4.11/ for all known details.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug  5 2011 Emmanuel Seyman <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.6.6-1
- Update to 3.6.6
- Move graphs to /var/lib/bugzilla/graphs.
* Sun May  1 2011 Emmanuel Seyman <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.6.5-1
- Update to 3.6.5
- Patch the installation procedure to recommend yum
* Mon Mar  7 2011 Emmanuel Seyman <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.6.4-2
- Put contrib/recode.pl in the main package so that it no longer depends on
  python and ruby
- Remove the contents of the lib/ directory, not the directory itself.
- Remove unused patch
* Tue Jan 25 2011 Emmanuel Seyman <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.6.4-1
- Update to 3.6.4
* Wed Nov  3 2010 Emmanuel Seyman <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.6.3-1
- Update to 3.6.3 (#649406)
- Fix webdot alias in /etc/httpd/conf.d/bugzilla (#630255)
- Do not apply graphs patch (upstreamed)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #710142 - SELinux is preventing /usr/bin/perl from 'write' accesses
on the directory /usr/share/bugzilla/graphs.
        https://bugzilla.redhat.com/show_bug.cgi?id=710142
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce