4 matches found
MGASA-2018-0173 Updated bugzilla packages fix security vulnerability
A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to (CVE-2018-5123)...
MGASA-2016-0201 Updated bugzilla packages fix CVE-2016-2803
Updated bugzilla packages fix security vulnerability: In Bugzilla before 4.4.12, due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs (CVE-2016-2803)...
MGASA-2015-0048 Updated bugzilla packages fix CVE-2014-8630
Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly use the 3-argument form of open, and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630)...
MGASA-2014-0349 Updated bugzilla packages fix a CSRF vulnerability
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...