https://bugzilla.redhat.com/show_bug.cgi?id=1185483

Bug ID: 1185483
Summary: CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@xxxxxxxxxx
Reporter: kseifried@xxxxxxxxxx
CC: bazanluis20@xxxxxxxxx, emmanuel@xxxxxxxxx, itamar@xxxxxxxxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, xavier@xxxxxxxxxxxx

The Bugzilla project reports:

Class: Command Injection
Versions: All versions before 4.0.16, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to 4.5.6
Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1

Description: Some code in Bugzilla does not properly utilize the 3-argument form of open(), and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.

References: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE Number: CVE-2014-8630

External references:
http://www.bugzilla.org/security/4.0.15/
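
The two-argument open() behaviour named in the Description, shown beside the three-argument form, with a small audit helper for finding remaining two-argument calls. This is an added example, not Bugzilla's code or part of the advisory; the function names, the attribute value and the audit heuristic are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Bugzilla code. All names and values are constructed.
use strict;
use warnings;

# Constructed attribute value standing in for an admin-editable name.
# The trailing '|' is what two-argument open() reads as "pipe from a command".
my $attr = 'echo two-arg-open-ran-a-command |';

# BEFORE: mode and path share one string, so characters inside $name
# ('<', '>', '|') select the open mode instead of being part of a path.
sub first_line_2arg {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!";
    my $line = <$fh>;
    close($fh);
    return defined $line ? $line : '';
}

# AFTER: the mode is a fixed literal, so $name can only ever be a file path.
sub first_line_3arg {
    my ($name) = @_;
    open(my $fh, '<', $name) or return "open failed: $!";
    my $line = <$fh>;
    close($fh);
    return defined $line ? $line : '';
}

# Heuristic audit helper: flag open(...) calls that have exactly two arguments.
# It does not handle commas or parentheses inside string literals.
sub two_arg_opens {
    my ($source) = @_;
    my @hits;
    while ($source =~ /\bopen\s*\(([^()]*)\)/g) {
        my $call = $1;
        my @args = split /,/, $call;
        push @hits, "open($call)" if @args == 2;
    }
    return @hits;
}

# The same value goes through both forms: the first runs it, the second
# looks for a file with that literal name and fails.
chomp(my $before = first_line_2arg($attr));
print "2-arg: $before\n";
print "3-arg: ", first_line_3arg($attr), "\n";

# Constructed source snippet: only the first call should be flagged.
my $sample = q{open(my $in, "$dir/$product"); open(my $out, '>', $path);};
print "flag:  $_\n" for two_arg_opens($sample);
```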