Updated bugzilla packages fix CVE-2014-8630
Publication date: 31 Jan 2015Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8630
Description
Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630).
References
SRPMS
4/core
- bugzilla-4.4.8-1.mga4