https://bugzilla.redhat.com/show_bug.cgi?id=1185483
Bug ID: 1185483
Summary: CVE-2014-8630 Bugzilla: Command Injection into product
names and other attributes
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: kseifr...@redhat.com
CC: bazanlui...@gmail.com, emman...@seyman.fr,
ita...@ispbrasil.com.br,
perl-devel@lists.fedoraproject.org,
xav...@bachelot.org
The Bugzilla project reports:
Class: Command Injection
Versions: All versions before 4.0.16, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6,
4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1
Description: Some code in Bugzilla does not properly utilize 3 arguments form
for open() and it is possible for an account with editcomponents
permissions to inject commands into product names and other
attributes.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE Number: CVE-2014-8630
External references:
http://www.bugzilla.org/security/4.0.15/
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=wv1CAf1O1K&a=cc_unsubscribe
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
