From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200611-04.xml | 87 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 metadata/glsa/glsa-200611-04.xml (limited to 'metadata/glsa/glsa-200611-04.xml') diff --git a/metadata/glsa/glsa-200611-04.xml b/metadata/glsa/glsa-200611-04.xml new file mode 100644 index 000000000000..7a5152db33eb --- /dev/null +++ b/metadata/glsa/glsa-200611-04.xml @@ -0,0 +1,87 @@ + + + + Bugzilla: Multiple Vulnerabilities + + Bugzilla is vulnerable to cross-site scripting, script injection, and + request forgery. + + bugzilla + 2006-11-09 + 2006-11-09: 01 + 151563 + remote + + + 2.18.6 + 2.18.6 + + + +

+ Bugzilla is a bug tracking system used to allow developers to more + easily track outstanding bugs in products. +

+ + +

+ The vulnerabilities identified in Bugzilla are as follows: +

+
    +
  • Frederic Buclin and Gervase Markham discovered that input passed to + various fields throughout Bugzilla were not properly sanitized before + being sent back to users (CVE-2006-5453).
    • +
  • Frederic Buclin and Josh "timeless" Soref discovered a bug when + viewing attachments in diff mode that allows users not of the + "insidergroup" to read attachment descriptions. Additionally, it was + discovered that the "deadline" field is visible to users who do not + belong to the "timetrackinggroup" when bugs are exported to XML + (CVE-2006-5454).
    • +
  • Gavin Shelley reported that Bugzilla allows certain operations to + be performed via HTTP GET and HTTP POST requests without verifying + those requests properly (CVE-2006-5455).
    • +
  • Max Kanat-Alexander discovered that input passed to + showdependencygraph.cgi is not properly sanitized before being returned + to users (CVE-2006-5453).
    • +
+ + +

+ An attacker could inject scripts into the content loaded by a user's + browser in order to have those scripts executed in a user's browser in + the context of the site currently being viewed. This could include + gaining access to privileged session information for the site being + viewed. Additionally, a user could forge an HTTP request in order to + create, modify, or delete bugs within a Bugzilla instance. Lastly, an + unauthorized user could view sensitive information about bugs or bug + attachments. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All Bugzilla users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-2.18.6" + + + CVE-2006-5453 + CVE-2006-5454 + CVE-2006-5455 + + + vorlon078 + + + shellsage + + + falco + + -- cgit v1.2.3