• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Bugzilla quips Feature Cross Site Scripting Vulnerability

Solution:
Debian has released fixes which address this issue. It should be noted that this issue only affects those Debian users who have upgraded from version 2.10, which isn't provided through Debian. Fixes are provided for Debian users who may have installed Bugzilla 2.10.

Patches are available for Bugzilla 2.14.4 and 2.16.1. Bugzilla 2.17 users are advised to obtain a patch via CVS. Detailed information is available in the referenced message.

Fixes are available:


Mozilla Bugzilla 2.10

• Debian bugzilla-doc_2.14.2-0woody3_all.deb
  http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla-doc_2 .14.2-0woody3_all.deb


• Debian bugzilla_2.14.2-0woody3_all.deb
  http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14. 2-0woody3_all.deb

Mozilla Bugzilla 2.14

• Bugzilla Bugzilla 2.14.5
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.14.1

• Bugzilla Bugzilla 2.14.5
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.14.2

• Bugzilla Bugzilla 2.14.5
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.14.3

• Bugzilla Bugzilla 2.14.5
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.14.4

• Bugzilla Bugzilla 2.14.5
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.16

• Bugzilla Bugzilla 2.16.2
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.16.1

• Bugzilla Bugzilla 2.16.2
  http://www.bugzilla.org/download.html

Mozilla Bugzilla 2.17

• Bugzilla Bugzilla 2.17.3
  http://www.bugzilla.org/download.html