
4 matches found

Tenable Nessus
added 2013/11/11 12:0 a.m., 32 views

Fedora 20 : bugzilla-4.2.7-1.fc20 (2013-19402)

The following security issues have been discovered in Bugzilla 4.2.6:
- A CSRF vulnerability in attachment.cgi can lead to an attachment being edited without the user's consent.
- Several unfiltered parameters when editing flagtypes can lead to XSS.
- Due to an incomplete fix for CVE-2012-4189, so...

CVSS 6.8 | AI score 5.5 | EPSS 0.00903
Exploits: 5 | References: 5

Tenable Nessus
added 2013/10/29 12:0 a.m., 29 views

Fedora 19 : bugzilla-4.2.7-1.fc19 (2013-19480)

The following security issues have been discovered in Bugzilla 4.2.6:
- A CSRF vulnerability in attachment.cgi can lead to an attachment being edited without the user's consent.
- Several unfiltered parameters when editing flagtypes can lead to XSS.
- Due to an incomplete fix for CVE-2012-4189, so...

CVSS 6.8 | AI score 5.5 | EPSS 0.00903
Exploits: 5 | References: 5

Tenable Nessus
added 2013/10/29 12:0 a.m., 37 views

Fedora 18 : bugzilla-4.2.7-1.fc18 (2013-19458)

The following security issues have been discovered in Bugzilla 4.2.6:
- A CSRF vulnerability in attachment.cgi can lead to an attachment being edited without the user's consent.
- Several unfiltered parameters when editing flagtypes can lead to XSS.
- Due to an incomplete fix for CVE-2012-4189, so...

CVSS 6.8 | AI score 5.5 | EPSS 0.00903
Exploits: 5 | References: 5

NVD
added 2013/10/24 10:53 a.m., 18 views

CVE-2013-1734

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via a...

CVSS 6.8 | AI score 7.1 | EPSS 0.00117
Exploits: 1 | References: 2