| Summary: | bugzilla-4.0.3-1.1.mga1 security update | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Olav Vitters <olav> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.bugzilla.org/security/3.4.12/ | ||
| Whiteboard: | |||
| Source RPM: | bugzilla-4.0.3-1.1.mga1 | CVE: | |
| Status comment: | |||
Description
Olav Vitters
2012-01-01 20:21:58 CET
See URL for the security advisory. Full release notes at http://www.bugzilla.org/releases/4.0.3/release-notes.html.

URL: (none) => http://www.bugzilla.org/security/3.4.12/

Testing complete on i586 for the srpm bugzilla-4.0.3-1.1.mga1.src.rpm

I don't see a POC in the advisory, so just testing that the package works. I've checked the password reset, adding a comment to an existing bug, and adding a new bug.

See https://bugs.mageia.org/show_bug.cgi?id=1040#c15 for testing setup.

CC: (none) => davidwhodgins

Testing complete on x86_64

Suggested Advisory:

-------------

This update addresses the following CVEs:

- CVE-2011-3657
  When viewing tabular or graphical reports as well as new charts, an XSS vulnerability is possible in debug mode.
  https://bugzilla.mozilla.org/show_bug.cgi?id=697699
- CVE-2011-3667
  The User.offer_account_by_email WebService method lets you create a new user account even if the active authentication method forbids users to create an account.
  https://bugzilla.mozilla.org/show_bug.cgi?id=711714
- CVE-2011-3668, CVE-2011-3669
  A CSRF vulnerability in post_bug.cgi and in attachment.cgi could lead to the creation of unwanted bug reports and attachments.
  https://bugzilla.mozilla.org/show_bug.cgi?id=703975
  https://bugzilla.mozilla.org/show_bug.cgi?id=703983

In addition, the following important fixes/changes have been made in this release: see http://www.bugzilla.org/releases/4.0.3/release-notes.html

https://bugs.mageia.org/show_bug.cgi?id=3996

-------------

SRPM: bugzilla-4.0.3-1.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!

Keywords: (none) => validated_update

Update pushed.

Status: NEW => RESOLVED