Upstream has issued an advisory on January 21: http://www.bugzilla.org/security/4.0.15/ The issue is fixed in 4.4.7. Mageia 4 is also affected. According to Olav, this version causes a regression and 4.4.8 is planned. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO
Version 4.4.8 has been released: http://www.bugzilla.org/releases/4.4.8/release-notes.html Freeze push requested for Cauldron, updates checked into SVN.
Updated package uploaded for Mageia 4. Freeze push pending for Cauldron. Advisory: ======================== Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8630 http://www.bugzilla.org/security/4.0.15/ http://www.bugzilla.org/releases/4.4.8/release-notes.html ======================== Updated packages in core/updates_testing: ======================== bugzilla-4.4.8-1.mga4.noarch.rpm bugzilla-contrib-4.4.8-1.mga4.noarch.rpm from bugzilla-4.4.8-1.mga4.src.rpm
Whiteboard: MGA4TOO => (none)Assignee: bugsquad => qa-bugsVersion: Cauldron => 4
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=9088#c14
Whiteboard: (none) => has_procedure
Testing on Mageia4-32 real hardware, retracing my steps in previous bug (https://bugs.mageia.org/show_bug.cgi?id=14241#c2) based on procedure mentioned in comment 3. Did not fin any PoC in http://www.bugzilla.org/security/4.0.15/ From current package : -------------------- bugzilla-4.4.6-1.mga4 Installed bugzilla using mysql, Browsed to http://localhost/bugzilla/ Logged in, created bugs, deleted bugs, made replies, attached files, logged out and back in, etc. All OK To updated testing package : -------------------------- bugzilla-4.4.8-1.mga4 Restarted httpd, Browsed to http://localhost/bugzilla/ Logged in and found my previous bugs, added some, deleted, attached files... All OK
Whiteboard: has_procedure => has_procedure MGA4-32-OKCC: (none) => olchal
Testing complete mga4 64
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok
Validating. Advisory uploaded. Could sysadmin please push to 4 updates Thanks
Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-okKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0048.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
URL: (none) => http://lwn.net/Vulnerabilities/631503/