Advisories » MGASA-2016-0201

Updated bugzilla packages fix CVE-2016-2803

Publication date: 21 May 2016
Modification date: 21 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2803

Description

Updated bugzilla packages fix security vulnerability:

In Bugzilla before 4.4.12, due to an incorrect parsing of the image map
generated by the dot script, a specially crafted bug summary could trigger XSS
in dependency graphs (CVE-2016-2803).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18480
• https://www.bugzilla.org/security/4.4.11/
• https://www.bugzilla.org/releases/4.4.12/release-notes.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2803

SRPMS

5/core

• bugzilla-4.4.12-1.mga5