[Webapps-common-packages] Bug#409824: bugzilla: XSS vulnerability in Atom feeds

Simon Walter simon.walter at hp-factory.de
Mon Feb 5 19:49:05 UTC 2007


Package: bugzilla
Version: 2.22.1-2
Severity: normal
Tags: security


A possible cross-site scripting (XSS) vulnerability in Atom feeds produced by Bugzilla.

http://www.bugzilla.org/security/2.20.3/

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)

Versions of packages bugzilla depends on:
ii  apache2-mpm-prefork [htt 2.0.54-5sarge1  traditional model for Apache2
ii  dbconfig-common          1.8.29          common framework for packaging dat
ii  debconf [debconf-2.0]    1.4.30.13       Debian configuration management sy
ii  exim4                    4.50-8sarge2    metapackage to ease exim MTA (v4) 
ii  exim4-daemon-heavy [mail 4.50-8sarge2    exim MTA (v4) daemon with extended
ii  libappconfig-perl        1.56-2          Perl module for configuration file
ii  libdbd-mysql-perl        2.9006-1        A Perl5 database interface to the 
ii  libmailtools-perl        1.74-1          Manipulate email in perl programs
ii  libmime-perl             5.417-1         Perl5 modules for MIME-compliant m
ii  libtemplate-perl         2.14-1          template processing system written
ii  libtimedate-perl         1.1600-4        Time and date functions for Perl
ii  mysql-client-4.1 [mysql- 4.1.11a-4sarge7 mysql database client binaries
ii  patch                    2.5.9-2         Apply a diff file to an original
ii  ucf                      1.17            Update Configuration File: preserv

-- debconf information:
  bugzilla/mysql_user: bugzilla
  bugzilla/mysql_available: true
* bugzilla/dbconfig-install: false
  bugzilla/mysql/admin-user:
  bugzilla/remove-error: abort
  bugzilla/mysql/method: unix socket
  bugzilla/internal/reconfiguring: false
  bugzilla/bugzilla_installation_way: Automatic
* bugzilla/bugzilla_admin_real_name: Simon Walter
  bugzilla/mysql_host: localhost
  bugzilla/upgrade-error: abort
  bugzilla/dbconfig-reinstall: false
  bugzilla/db/app-user:
  bugzilla/internal/skip-preseed: false
  bugzilla/purge: false
* bugzilla/bugzilla_installation_way_single: Later
  bugzilla/upgrade-backup: true
  bugzilla/db/dbname:
  bugzilla/dbconfig-remove:
  bugzilla/database-type: mysql
  bugzilla/mysql_need_root: true
  bugzilla/remote/host:
  bugzilla/mysql_root_name: root
  bugzilla/remote/port:
  bugzilla/index_upgrade1:
  bugzilla/mysql_name: bugzilla
  bugzilla/dbconfig-upgrade: true
  bugzilla/install-error: abort
* bugzilla/bugzilla_admin_name: webmaster at thargor.org
  bugzilla/passwords-do-not-match:
  bugzilla/remote/newhost:
  bugzilla/mysql_port: 3306
  bugzilla/index_upgrade2:



