Advisories ยป MGASA-2015-0048

Updated bugzilla packages fix CVE-2014-8630

Publication date: 31 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8630

Description

Updated bugzilla packages fix security vulnerability:

Some code in Bugzilla does not properly utilize 3 arguments form for open()
and it is possible for an account with editcomponents permissions to inject
commands into product names and other attributes (CVE-2014-8630).
                

References

SRPMS

4/core