Upstream has issued an advisory on May 16:
https://www.bugzilla.org/security/4.4.11/

The issue is fixed in 4.4.12:
https://www.bugzilla.org/releases/4.4.12/release-notes.html

Updated packages uploaded for Mageia 5 and Cauldron by Thomas Backlund.

Advisory:
========================

Updated bugzilla packages fix security vulnerability:

In Bugzilla before 4.4.12, due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs (CVE-2016-2803).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2803
https://www.bugzilla.org/security/4.4.11/
https://www.bugzilla.org/releases/4.4.12/release-notes.html
========================

Updated packages in core/updates_testing:
========================
bugzilla-4.4.12-1.mga5.noarch.rpm
bugzilla-contrib-4.4.12-1.mga5.noarch.rpm

from bugzilla-4.4.12-1.mga5.src.rpm
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=9088#c14
CC: (none) => tmb
Whiteboard: (none) => has_procedure
URL: (none) => http://lwn.net/Vulnerabilities/688207/
Testing complete mga5 64

Installed, created bug, updated, created another bug.
Whiteboard: has_procedure => has_procedure mga5-64-ok
Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0201.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED