Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla:

* An attacker can get access to some bug information using the victim's credentials using a specially crafted HTML page.

All affected installations are encouraged to upgrade as soon as possible.

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1036213
CVE Number:  CVE-2014-1546
CVE-2014-1546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1546): The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.
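The NVD text above names the two properties a JSONP responder needs to avoid this class of bug: the callback value must be bounded in length, and the first bytes of the response must not be chosen by the caller (a response that begins with caller-supplied bytes can be made to parse as a file format whose magic number sits at offset 0, which is what the SWF OBJECT trick relies on). The following is an added example, written in Python rather than Bugzilla's Perl; it is not Bugzilla's `JSONRPC.pm` code and the function names, the `MAX_CALLBACK_LEN` value and the callback grammar are assumptions for illustration. It contrasts a responder that only checks the callback character set with one that also enforces a length cap and emits a fixed, non-caller-controlled prefix (`/**/`, a JavaScript comment that JSONP consumers ignore).

```python
import json
import re
from typing import Optional, Tuple

# Callback grammar: dotted JavaScript identifiers only.  This is the kind of
# character-set check the advisory refers to; on its own it is NOT enough,
# because a long run of identifier characters can still be meaningful to
# another file format's parser.
CALLBACK_RE = re.compile(
    r"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$"
)

# Length cap (assumed value for this example).  A real callback name is short;
# a cap removes the room needed to smuggle a larger byte sequence in.
MAX_CALLBACK_LEN = 64

# Fixed prefix the server writes before anything the caller influenced.  The
# response therefore never starts with caller-chosen bytes, so it cannot carry
# a magic number at offset 0.  JavaScript engines skip the comment.
RESPONSE_PREFIX = "/**/"


class InvalidCallback(ValueError):
    """Raised when a JSONP callback value fails validation."""


def unrestricted_jsonp_response(result: dict, callback: str) -> Tuple[str, str]:
    """Weak responder: character-set check only, reply begins with the callback.

    Returns (content_type, body).  Kept here purely to show what the
    hardened version changes; it is the pattern to avoid.
    """
    if not CALLBACK_RE.fullmatch(callback):
        raise InvalidCallback("callback contains disallowed characters")
    return "application/javascript", f"{callback}({json.dumps(result)});"


def validate_callback(callback: str) -> str:
    """Accept only short, dotted identifiers; reject everything else."""
    if len(callback) > MAX_CALLBACK_LEN:
        raise InvalidCallback("callback too long")
    if not CALLBACK_RE.fullmatch(callback):
        raise InvalidCallback("callback contains disallowed characters")
    return callback


def jsonp_response(result: dict, callback: Optional[str]) -> Tuple[str, str]:
    """Hardened responder: length cap plus a server-controlled leading prefix.

    Returns (content_type, body).  With no callback the reply is plain JSON,
    which is not consumable cross-origin by a <script> or OBJECT element.
    """
    body = json.dumps(result)
    if callback is None:
        return "application/json", body
    validate_callback(callback)
    return "application/javascript", f"{RESPONSE_PREFIX}{callback}({body});"


def caller_controls_leading_bytes(body: str, callback: str) -> bool:
    """Check used in the demonstration: does the reply start with the callback?"""
    return body.startswith(callback)


if __name__ == "__main__":
    sample = {"id": 1, "summary": "constructed sample bug"}
    _, weak = unrestricted_jsonp_response(sample, "cb")
    _, strong = jsonp_response(sample, "cb")
    print("weak reply starts with callback:  ", caller_controls_leading_bytes(weak, "cb"))
    print("hardened reply starts with callback:", caller_controls_leading_bytes(strong, "cb"))
```

Sending `X-Content-Type-Options: nosniff` alongside the `application/javascript` content type is a further, independent layer (not mentioned in the advisory) that stops browsers from reinterpreting the body as another type; it complements, but does not replace, the fixed prefix and the length cap.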
No ebuilds in the tree are vulnerable. Removed months ago.