{"id":"MGASA-2015-0048","summary":"Updated bugzilla packages fix CVE-2014-8630","details":"Updated bugzilla packages fix security vulnerability:\n\nSome code in Bugzilla does not properly utilize 3 arguments form for open()\nand it is possible for an account with editcomponents permissions to inject\ncommands into product names and other attributes (CVE-2014-8630).\n","modified":"2026-04-16T06:23:19.360480119Z","published":"2015-01-31T13:23:52Z","upstream":["CVE-2014-8630"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0048.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15134"},{"type":"WEB","url":"http://www.bugzilla.org/security/4.0.15/"},{"type":"WEB","url":"http://www.bugzilla.org/releases/4.4.8/release-notes.html"}],"affected":[{"package":{"name":"bugzilla","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/bugzilla?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.8-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0048.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}