FreeBSD : bugzilla -- multiple vulnerabilities (75231c63-f6a2-499d-8e27-787773bda284)
Medium Nessus Plugin ID 26090
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Bugzilla Security Advisory reports :
This advisory covers three security issues that have recently been fixed in the Bugzilla code :
- A possible cross-site scripting (XSS) vulnerability when filing bugs using the guided form.
- When using email_in.pl, insufficiently escaped data may be passed to sendmail.
- Users using the WebService interface may access Bugzilla's time-tracking fields even if they normally cannot see them.
We strongly advise that 2.20.x and 2.22.x users should upgrade to 2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or below, should upgrade to 3.0.1.
SolutionUpdate the affected packages.