- update to version 3.6.7
- CVE-2011-3657
- CVE-2011-3667
Summary
=======
The following security issues have been discovered in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create
a new user account even if the active authentication method forbids
users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
lead to the creation of unwanted bug reports and attachments.
All affected installations are encouraged to upgrade as soon as possible.
Full Release Notes:
http://www.bugzilla.org/security/3.4.12/
Approved by: skv@ (explicit)