[Webapps-common-packages] Bug#409824: bugzilla: XSS vulnerability in Atom feeds
Simon Walter
simon.walter at hp-factory.de
Mon Feb 5 19:49:05 UTC 2007
Package: bugzilla
Version: 2.22.1-2
Severity: normal
Tags: security
A possible cross-site scripting (XSS) vulnerability in Atom feeds produced by Bugzilla.
http://www.bugzilla.org/security/2.20.3/
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Versions of packages bugzilla depends on:
ii apache2-mpm-prefork [htt 2.0.54-5sarge1 traditional model for Apache2
ii dbconfig-common 1.8.29 common framework for packaging dat
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
ii exim4 4.50-8sarge2 metapackage to ease exim MTA (v4)
ii exim4-daemon-heavy [mail 4.50-8sarge2 exim MTA (v4) daemon with extended
ii libappconfig-perl 1.56-2 Perl module for configuration file
ii libdbd-mysql-perl 2.9006-1 A Perl5 database interface to the
ii libmailtools-perl 1.74-1 Manipulate email in perl programs
ii libmime-perl 5.417-1 Perl5 modules for MIME-compliant m
ii libtemplate-perl 2.14-1 template processing system written
ii libtimedate-perl 1.1600-4 Time and date functions for Perl
ii mysql-client-4.1 [mysql- 4.1.11a-4sarge7 mysql database client binaries
ii patch 2.5.9-2 Apply a diff file to an original
ii ucf 1.17 Update Configuration File: preserv
-- debconf information:
bugzilla/mysql_user: bugzilla
bugzilla/mysql_available: true
* bugzilla/dbconfig-install: false
bugzilla/mysql/admin-user:
bugzilla/remove-error: abort
bugzilla/mysql/method: unix socket
bugzilla/internal/reconfiguring: false
bugzilla/bugzilla_installation_way: Automatic
* bugzilla/bugzilla_admin_real_name: Simon Walter
bugzilla/mysql_host: localhost
bugzilla/upgrade-error: abort
bugzilla/dbconfig-reinstall: false
bugzilla/db/app-user:
bugzilla/internal/skip-preseed: false
bugzilla/purge: false
* bugzilla/bugzilla_installation_way_single: Later
bugzilla/upgrade-backup: true
bugzilla/db/dbname:
bugzilla/dbconfig-remove:
bugzilla/database-type: mysql
bugzilla/mysql_need_root: true
bugzilla/remote/host:
bugzilla/mysql_root_name: root
bugzilla/remote/port:
bugzilla/index_upgrade1:
bugzilla/mysql_name: bugzilla
bugzilla/dbconfig-upgrade: true
bugzilla/install-error: abort
* bugzilla/bugzilla_admin_name: webmaster at thargor.org
bugzilla/passwords-do-not-match:
bugzilla/remote/newhost:
bugzilla/mysql_port: 3306
bugzilla/index_upgrade2:
More information about the Webapps-common-packages
mailing list