This is the list of outstanding security problems. As you haven't reacted to the account compromise problem, I intend to NMU these fixes by packaging 3.6.4 from upstream (as soon as I can work out how to integrate a new upstream release).
CVE-2011-0048[0]:
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and
| 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or
| (2) data: URI in the URL (aka bug_file_loc) field, which allows remote
| attackers to conduct cross-site scripting (XSS) attacks against
| logged-out users via a crafted URI.

CVE-2011-0046[1]:
| Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla
| before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x
| before 4.0rc2 allow remote attackers to hijack the authentication of
| arbitrary users for requests related to (1) adding a saved search in
| buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in
| sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5)
| column changing in colchange.cgi, and (6) adding, deleting, or
| approving a quip in quips.cgi.

CVE-2010-4572[2]:
| CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10,
| 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2
| allows remote attackers to inject arbitrary HTTP headers and conduct
| HTTP response splitting attacks via the query string, a different
| vulnerability than CVE-2010-2761 and CVE-2010-4411.

CVE-2010-4568[3]:
| Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10;
| 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does
| not properly generate random values for cookies and tokens, which
| allows remote attackers to obtain access to arbitrary accounts via
| unspecified vectors, related to an insufficient number of calls to the
| srand function.

CVE-2010-4567[4]:
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and
| 4.0.x before 4.0rc2 does not properly handle whitespace preceding a
| (1) javascript: or (2) data: URI, which allows remote attackers to
| conduct cross-site scripting (XSS) attacks via the URL (aka
| bug_file_loc) field.
For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0048
    http://security-tracker.debian.org/tracker/CVE-2011-0048
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0046
    http://security-tracker.debian.org/tracker/CVE-2011-0046
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4572
    http://security-tracker.debian.org/tracker/CVE-2010-4572
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568
    http://security-tracker.debian.org/tracker/CVE-2010-4568
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4567
    http://security-tracker.debian.org/tracker/CVE-2010-4567

-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
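Added example, not part of the bug report and not Bugzilla's own (Perl) code: the defensive check that CVE-2011-0048 and CVE-2010-4567 call for when a free-text URL field such as bug_file_loc is rendered as a link. It allowlists schemes instead of blocklisting javascript:/data:, and normalises the value the way browsers do (strip leading/trailing controls and spaces, drop embedded tab/newline) so that the leading-whitespace variant is caught. Function names, the allowed-scheme set and the sample inputs are assumptions chosen for illustration.

```python
import html
import re
from typing import Optional

# Schemes the URL field may be emitted as a clickable href. Allowlisting is
# safer than blocklisting "javascript:"/"data:" because browsers accept many
# spellings of a scheme (case, leading whitespace, embedded tab/newline).
# Assumed set for this example; a deployment would choose its own.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})

# Browsers strip leading/trailing C0 controls (0x00-0x1F) and space before
# parsing, and remove ASCII tab, LF and CR anywhere in the URL.
_STRIP_CHARS = "".join(chr(c) for c in range(0x21))
_DROP_TAB_NEWLINE = str.maketrans("", "", "\t\n\r")

# A URL scheme: one letter, then letters/digits/+/-/. up to the first colon.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def normalize_url(raw: str) -> str:
    """Canonicalise the field the way a browser would before reading its scheme."""
    return raw.strip(_STRIP_CHARS).translate(_DROP_TAB_NEWLINE)


def url_scheme(raw: str) -> Optional[str]:
    """Return the lower-cased scheme of the normalised value, or None if absent."""
    m = _SCHEME_RE.match(normalize_url(raw))
    return m.group(1).lower() if m else None


def is_linkable(raw: str) -> bool:
    """True only if the value has an allowlisted scheme; scheme-less or relative
    values are conservatively treated as plain text."""
    scheme = url_scheme(raw)
    return scheme is not None and scheme in ALLOWED_SCHEMES


def render_url_field(raw: str) -> str:
    """Emit an <a> only for allowed schemes; otherwise show the escaped text.
    Even an allowed URL is attribute-escaped so it cannot break out of href."""
    text = html.escape(raw, quote=True)
    if not is_linkable(raw):
        return text
    href = html.escape(normalize_url(raw), quote=True)
    return f'<a href="{href}">{text}</a>'
```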