- update to bugzilla 4.4.6
Summary
The following security issues have been discovered in Bugzilla:
- The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override.
- Several places were found in the Bugzilla code where cross-site scripting attacks could be used to access sensitive information.
- Private comments can be shown to flagmail recipients who aren't in the insider group.
- Specially formatted values in a CSV search results export could be used in spreadsheet software to attack a user's computer.
Security: CVE-2014-1572
CVE-2014-1571
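
For the CSV export issue listed above, one way an export routine can keep spreadsheet software from evaluating cell values as formulas. This is an added Python example, not Bugzilla's code or its actual patch; the trigger-character set, the apostrophe prefix and all function names are assumptions.

```python
import csv
import io

# Leading characters that spreadsheet software may interpret as the start of
# a formula. Assumed set from common CSV-injection guidance, not from the
# Bugzilla patch.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_plain_number(text):
    """True for values such as -5 or +3.2e4, which are safe to leave numeric."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return the cell as text a spreadsheet will display, not evaluate."""
    text = "" if value is None else str(value)
    # Conservative: look past leading spaces, since some importers trim cells.
    probe = text.lstrip(" ")
    if probe.startswith(FORMULA_TRIGGERS) and not is_plain_number(probe):
        # The apostrophe keeps the cell from starting with a trigger character.
        return "'" + text
    return text


def export_rows(rows):
    """Serialize rows to CSV with every cell neutralized and properly quoted."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()


# Constructed sample search results: (bug id, summary, reporter real name).
SAMPLE_ROWS = [
    (101, "Crash on startup", "Alice"),
    (102, "=1+1", "Bob"),
    (103, "  @SUM(A1:A2), see attachment", "-5"),
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS), end="")
```

Plain negative numbers are left untouched so numeric columns still sort and sum correctly after import.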