Bugzilla Default HTML Template Cross-Site Scripting Vulnerabilities

Bugzilla Default HTML Template Cross-Site Scripting Vulnerabilities

Solution:
Conectiva has released an advisory (CLA-2003:653) and fixes to address this issue. See attached advisory for details on obtaining and applying fixes.

The vendor has addressed this issue in Bugzilla 2.16.3 and 2.17.4. Patches may be obtained at the following location:

http://ftp.mozilla.org/pub/webtools/

Full release upgrades and CVS upgrade instructions will be made available here:

http://www.bugzilla.org/download.html

Users should contact individual localization maintainers for details on whether their particular localization is affected and details on obtaining fixes.

Mozilla Bugzilla 2.16.2

Conectiva bugzilla-2.16.3-29154U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/bugzilla-2.16.3-29154U90_1c l.i386.rpm

Conectiva bugzilla-2.16.3-29154U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/bugzilla-2.16.3-29154U90_1 cl.src.rpm

Conectiva bugzilla-doc-2.16.3-29154U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/bugzilla-doc-2.16.3-29154U9 0_1cl.i386.rpm

Conectiva perl-timedate-1.14-27918U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-timedate-1.14-27918U90 _3cl.i386.rpm

Conectiva perl-timedate-1.14-27918U90_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/perl-timedate-1.14-27918U9 0_3cl.src.rpm