--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9550
2009-09-15 06:22:42
--------------------------------------------------------------------------------

Name        : bugzilla
Product     : Fedora 10
Version     : 3.2.5
Release     : 1.fc10
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source projects
It requires a database engine installed - either MySQL, PostgreSQL or Oracle.
Without one of these database engines (local or remote), Bugzilla will not work
- see the Release Notes for details.

--------------------------------------------------------------------------------
Update Information:

Update to upstream version 3.2.5 fixing two SQL injection security flaws
(CVE-2009-3125, CVE-2009-3165) detailed in the upstream security advisory:
https://www.bugzilla.org/security/3.0.8/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 11 2009 Emmanuel Seyman  - 3.2.5-1
- Update to 3.2.5 (CVE-2009-3125, CVE-2009-3165 and CVE-2009-3166)
* Wed Jul  8 2009 Itamar Reis Peixoto  - 3.2.4-1
- fix https://bugzilla.mozilla.org/show_bug.cgi?id=495257
* Mon Apr  6 2009 Itamar Reis Peixoto  3.2.3-1
- fix CVE-2009-1213
* Thu Mar  5 2009 Itamar Reis Peixoto  3.2.2-2
- fix from BZ #474250 Comment #16, from Chris Eveleigh -->
- add python BR for contrib subpackage
- fix description
- change Requires perl-SOAP-Lite to perl(SOAP::Lite) according guidelines
* Sun Mar  1 2009 Itamar Reis Peixoto  3.2.2-1
- thanks to Chris Eveleigh 
- for contributing with patches :-)
- Upgrade to upstream 3.2.2 to fix multiple security vulns
- Removed old perl_requires exclusions, added new ones for RADIUS, Oracle and sanitycheck.cgi
- Added Oracle to supported DBs in description (and moved line breaks)
- Include a patch to fix max_allowed_packet warnin when using with mysql
* Sat Feb 28 2009 Itamar Reis Peixoto  3.0.8-1
- Upgrade to 3.0.8, fix #466077 #438080
- fix macro in changelog rpmlint warning
- fix files-attr-not-set rpmlint warning for doc and contrib sub-packages
* Mon Feb 23 2009 Fedora Release Engineering  - 3.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Feb  2 2009 Stepan Kasal  - 3.0.4-3
- do not require perl-Email-Simple, it is (no longer) in use
- remove several explicit perl-* requires; the automatic dependencies
  do handle them
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #522547 - "major security issue" bugfix release imminent
        https://bugzilla.redhat.com/show_bug.cgi?id=522547
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: bugzilla-3.2.5-1.fc10

September 18, 2009
Update to upstream version 3.2.5 fixing two SQL injection security flaws (CVE-2009-3125, CVE-2009-3165) detailed in the upstream security advisory: https://www.bugzilla.org/securi...

Summary

Bugzilla is a popular bug tracking system used by multiple open source projects

It requires a database engine installed - either MySQL, PostgreSQL or Oracle.

Without one of these database engines (local or remote), Bugzilla will not work

- see the Release Notes for details.

Update Information:

Update to upstream version 3.2.5 fixing two SQL injection security flaws (CVE-2009-3125, CVE-2009-3165) detailed in the upstream security advisory: https://www.bugzilla.org/security/3.0.8/

Change Log

* Fri Sep 11 2009 Emmanuel Seyman - 3.2.5-1 - Update to 3.2.5 (CVE-2009-3125, CVE-2009-3165 and CVE-2009-3166) * Wed Jul 8 2009 Itamar Reis Peixoto - 3.2.4-1 - fix https://bugzilla.mozilla.org/show_bug.cgi?id=495257 * Mon Apr 6 2009 Itamar Reis Peixoto 3.2.3-1 - fix CVE-2009-1213 * Thu Mar 5 2009 Itamar Reis Peixoto 3.2.2-2 - fix from BZ #474250 Comment #16, from Chris Eveleigh --> - add python BR for contrib subpackage - fix description - change Requires perl-SOAP-Lite to perl(SOAP::Lite) according guidelines * Sun Mar 1 2009 Itamar Reis Peixoto 3.2.2-1 - thanks to Chris Eveleigh - for contributing with patches :-) - Upgrade to upstream 3.2.2 to fix multiple security vulns - Removed old perl_requires exclusions, added new ones for RADIUS, Oracle and sanitycheck.cgi - Added Oracle to supported DBs in description (and moved line breaks) - Include a patch to fix max_allowed_packet warnin when using with mysql * Sat Feb 28 2009 Itamar Reis Peixoto 3.0.8-1 - Upgrade to 3.0.8, fix #466077 #438080 - fix macro in changelog rpmlint warning - fix files-attr-not-set rpmlint warning for doc and contrib sub-packages * Mon Feb 23 2009 Fedora Release Engineering - 3.0.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Feb 2 2009 Stepan Kasal - 3.0.4-3 - do not require perl-Email-Simple, it is (no longer) in use - remove several explicit perl-* requires; the automatic dependencies do handle them

References

[ 1 ] Bug #522547 - "major security issue" bugfix release imminent https://bugzilla.redhat.com/show_bug.cgi?id=522547

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bugzilla' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : bugzilla
Product : Fedora 10
Version : 3.2.5
Release : 1.fc10
URL : https://www.bugzilla.org/
Summary : Bug tracking system

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
2 - 3 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved