MGASA-2014-0412

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2014-0412.html
Import Source
https://advisories.mageia.org/MGASA-2014-0412.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0412
Upstream
  • CVE-2014-1571
  • CVE-2014-1572
  • CVE-2014-1573
Published
2014-10-09T14:39:32Z
Modified
2026-04-16T06:26:30.962056164Z
Summary
Updated bugzilla packages fix security vulnerabilities
Details

Updated bugzilla packages fix security vulnerabilities:

If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571).

An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting (CVE-2014-1572).

During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information (CVE-2014-1573).

References
Credits

Affected packages

Mageia:3 / bugzilla

Package

Name
bugzilla
Purl
pkg:rpm/mageia/bugzilla?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.6-1.mga3

Ecosystem specific 

{
    "section": "core"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2014-0412.json"

Mageia:4 / bugzilla

Package

Name
bugzilla
Purl
pkg:rpm/mageia/bugzilla?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.6-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2014-0412.json"