Updated bugzilla packages fix security vulnerability
Publication date: 19 Mar 2018Modification date: 19 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5123
Description
A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to (CVE-2018-5123).
References
- https://bugs.mageia.org/show_bug.cgi?id=22735
- https://www.bugzilla.org/security/4.4.12/
- https://www.bugzilla.org/releases/5.0.4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P5C2KWZ264F2MRWTJ2AJWMBZX7MOKV4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5123
SRPMS
6/core
- bugzilla-5.0.4-1.mga6