Fedora 16 : bugzilla-4.0.9-1.fc16 (2012-18224)
These releases fix a number of issues with Bugzilla.
- Confidential product and component names can be disclosed to unauthorized users if they are used to control the visibility of a custom field.
- When calling the 'User.get' WebService method with a 'groups' argument, it is possible to check if...
CVE-2012-5883
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors...