-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-10669 2010-07-05 21:32:52 --------------------------------------------------------------------------------
Name : bugzilla Product : Fedora 13 Version : 3.4.7 Release : 2.fc13 URL : http://www.bugzilla.org/ Summary : Bug tracking system Description : Bugzilla is a popular bug tracking system used by multiple open source projects It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines (local or remote), Bugzilla will not work - see the Release Notes for details. -------------------------------------------------------------------------------- Update Information: The Bugzilla team has released v3.4.7 of their software, which fixes a remote information disclosure bug (users can search on time-tracking values even if they are not permitted to see them). See CVE-2010-1204 for all the gory details. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 30 2010 Emmanuel Seyman <[email protected]> - 3.4.7-2 - Remove mod_perl from the requirements (#600924) * Fri Jun 25 2010 Emmanuel Seyman <[email protected]> - 3.4.7-1 - Update to 3.4.7 (CVE-2010-1204) -------------------------------------------------------------------------------- References: [ 1 ] Bug #608821 - CVE-2010-1204 Bugzilla: Sensitive time-tracking information disclosure via specially-crafted URL https://bugzilla.redhat.com/show_bug.cgi?id=608821 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update bugzilla' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
