Package: bugzilla
Version: 2.22.1-2
Severity: important
Tags: security

From CVE-2007-4543:

"Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form.""

Please mention the CVE id in the changelog.

There are two more issues (CVE-2007-4539, CVE-2007-4538) which are only present in newer versions of bugzilla. Please take care not to upload a vulnerable version.

See http://www.bugzilla.org/security/2.20.4/ for details.

