bugzilla.gnome.org has been upgraded to release 4.4.10: fixes CVE-2015-4499



Recently a security bug [1] was disclosed on Bugzilla which allowed an
attacker to successfully register an account with an email having a
domain of their choice. The security flaw had an additional side
effect related to the automatic grant of Bugzilla permissions to new
or existing accounts matching a specific email domain regex.

While luckily we didn't make use of such a permissions system on our
instance, bugzilla.gnome.org has been upgraded to the 4.4.10 release
which includes the fix for CVE-2015-4499.

Have a great day,

[1] https://blog.perimeterx.com/bugzilla-cve-2015-4499/

-- 
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av

