bugzilla.gnome.org has been upgraded to release 4.4.10: fixes CVE-2015-4499
- From: Andrea Veri <av gnome org>
- To: "infrastructure-announce gnome org" <infrastructure-announce gnome org>
- Subject: bugzilla.gnome.org has been upgraded to release 4.4.10: fixes CVE-2015-4499
- Date: Sat, 19 Sep 2015 11:59:38 +0200
Recently a security bug [1] was disclosed on Bugzilla which allowed an
attacker to successfully register an account with an email having a
domain of their choice. The security flaw had an additional side
effect related to the automatic grant of Bugzilla permissions to new
or existing accounts matching a specific email domain regex.
While luckily we didn't make use of such a permissions system on our
instance, bugzilla.gnome.org has been upgraded to the 4.4.10 release
which includes the fix for CVE-2015-4499.
Have a great day,
[1] https://blog.perimeterx.com/bugzilla-cve-2015-4499/
--
Cheers,
Andrea
Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman
Homepage: http://www.gnome.org/~av