Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2

2010-02-01 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security issues that have recently been fixed in the Bugzilla code: + Some files stored on the web server are not correctly protected against external

Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2

2009-02-03 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, generated insufficiently random numbers, resulting in all random

Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5

2008-05-06 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security issues that have recently been fixed in the Bugzilla code: * Users without the canconfirm privilege could enter a bug as NEW or ASSIGNED by

Security Advisory for Bugzilla 3.0.1 and 3.1.1

2007-09-20 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers a critical security issue that has recently been fixed in the Bugzilla code: * Even with account creation disabled, users

Security Advisory for Bugzilla 3.0, 2.22.1, and 2.20.4

2007-08-24 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security issues that have recently been fixed in the Bugzilla code: + A possible cross-site scripting (XSS)

Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3

2007-02-03 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security issues that have recently been fixed in the Bugzilla code: + A possible cross-site scripting (XSS)

Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2

2006-10-16 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers six security issues that have recently been fixed in the Bugzilla code: + Sometimes the information put into the h1 and h2 tags in Bugzilla was not properly escaped,

[BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4

2006-02-21 Thread mkanat
Summary === Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla code: + The 'whinedays' and 'mostfreqthreshold' parameters are not correctly