583236 – (CVE-2016-2803) <www-apps/bugzilla-{4.4.12,5.0.3}: Cross-Site Scripting (CVE-2016-2803)

Bug 583236 (CVE-2016-2803) - <www-apps/bugzilla-{4.4.12,5.0.3}: Cross-Site Scripting (CVE-2016-2803)

Summary: <www-apps/bugzilla-{4.4.12,5.0.3}: Cross-Site Scripting (CVE-2016-2803)

Status:	RESOLVED FIXED

Alias:	CVE-2016-2803

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2016-05-16 20:37 UTC by Michael Weber (RETIRED)
Modified:	2016-10-10 11:49 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Weber (RETIRED) gentoo-dev

2016-05-16 20:37:20 UTC

From ML:

Today we are releasing 5.0.3, 4.4.12, and the unstable
development snapshot 5.1.1.

Bugzilla 5.0.3 is our latest stable release. It contains several
important bug fixes and a security fix for the 5.0 branch.

Bugzilla 4.4.12 is a security fix update for the 4.4 branch. It
also contains several useful bug fixes.

Comment 1 Michael Weber (RETIRED) gentoo-dev

2016-05-16 20:39:44 UTC

4.4.11 and 5.0.2 Security Advisory https://www.bugzilla.org/security/4.4.11/
Downloads are available at https://www.bugzilla.org/download/

Comment 2 Craig Inches 2016-05-20 11:49:00 UTC

https://github.com/gentoo/gentoo/pull/1498

Comment 3 Craig Inches 2016-05-21 11:01:53 UTC

The version bumps are now in the tree as unstable. Old versions remaining as they are marked as stable.

Comment 4 Yury German Gentoo Infrastructure

2016-06-06 17:10:54 UTC

Proxy Maintainers - Can we pull in the bump please.

Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev

2016-06-08 07:17:26 UTC

Arches please stabilize:
=www-apps/bugzilla-4.4.12
Stable targets: amd64 x86 

=www-apps/bugzilla-5.0.3
Stable targets: amd64 x86

Comment 6 Agostino Sarubbo gentoo-dev

2016-06-10 13:02:40 UTC

amd64 stable

Comment 7 Aaron Bauman (RETIRED) gentoo-dev

2016-07-10 06:33:34 UTC

Added to an existing GLSA.

Comment 8 Agostino Sarubbo gentoo-dev

2016-07-20 10:35:12 UTC

x86 stable.

Maintainer(s), please cleanup.

Comment 9 GLSAMaker/CVETool Bot gentoo-dev

2016-07-20 11:16:31 UTC

This issue was resolved and addressed in
 GLSA 201607-11 at https://security.gentoo.org/glsa/201607-11
by GLSA coordinator Aaron Bauman (b-man).

Comment 10 Aaron Bauman (RETIRED) gentoo-dev

2016-07-20 11:17:47 UTC

@maintainer(s), re-opening for cleanup.

Comment 11 Yury German Gentoo Infrastructure

2016-09-10 00:50:19 UTC

Maintainer(s), please drop the vulnerable version(s).

Versions: 4.4.11, 5.0.2

Comment 12 Aaron Bauman (RETIRED) gentoo-dev

2016-10-10 11:49:35 UTC

tree is clean