Bug 583236 (CVE-2016-2803) - <www-apps/bugzilla-{4.4.12,5.0.3}: Cross-Site Scripting (CVE-2016-2803)
Summary: <www-apps/bugzilla-{4.4.12,5.0.3}: Cross-Site Scripting (CVE-2016-2803)
Status: RESOLVED FIXED
Alias: CVE-2016-2803
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-16 20:37 UTC by Michael Weber (RETIRED)
Modified: 2016-10-10 11:49 UTC
CC List: 4 users

See Also:
Package list:
Runtime testing required: ---


Description Michael Weber (RETIRED) gentoo-dev 2016-05-16 20:37:20 UTC
From ML:

Today we are releasing 5.0.3, 4.4.12, and the unstable
development snapshot 5.1.1.

Bugzilla 5.0.3 is our latest stable release. It contains several
important bug fixes and a security fix for the 5.0 branch.

Bugzilla 4.4.12 is a security fix update for the 4.4 branch. It
also contains several useful bug fixes.
Comment 1 Michael Weber (RETIRED) gentoo-dev 2016-05-16 20:39:44 UTC
4.4.11 and 5.0.2 Security Advisory https://www.bugzilla.org/security/4.4.11/
Downloads are available at https://www.bugzilla.org/download/
Comment 2 Craig Inches 2016-05-20 11:49:00 UTC
https://github.com/gentoo/gentoo/pull/1498
Comment 3 Craig Inches 2016-05-21 11:01:53 UTC
The version bumps are now in the tree as unstable. Old versions remain, as they are marked as stable.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2016-06-06 17:10:54 UTC
Proxy Maintainers - Can we pull in the bump, please?
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2016-06-08 07:17:26 UTC
Arches please stabilize:
=www-apps/bugzilla-4.4.12
Stable targets: amd64 x86 

=www-apps/bugzilla-5.0.3
Stable targets: amd64 x86
Comment 6 Agostino Sarubbo gentoo-dev 2016-06-10 13:02:40 UTC
amd64 stable
Comment 7 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-10 06:33:34 UTC
Added to an existing GLSA.
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-20 10:35:12 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2016-07-20 11:16:31 UTC
This issue was resolved and addressed in
 GLSA 201607-11 at https://security.gentoo.org/glsa/201607-11
by GLSA coordinator Aaron Bauman (b-man).
Comment 10 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-20 11:17:47 UTC
@maintainer(s), re-opening for cleanup.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2016-09-10 00:50:19 UTC
Maintainer(s), please drop the vulnerable version(s).

Versions: 4.4.11, 5.0.2
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-10 11:49:35 UTC
tree is clean