Launchpad CVE tracker

CVE 2007-0791

Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Related bugs and status

CVE-2007-0791 (Candidate) is related to these bugs:

Bug #131560: Merge bugzilla (2.22.1-2.1) from Debian unstable (main)

Summary				In	Importance	Status
	131560	Merge bugzilla (2.22.1-2.1) from Debian unstable (main)		bugzilla (Ubuntu)	Low	Fix Released

Bug #138886: [Needs packaging] Update request: Bugzilla version 3.0

Summary				In	Importance	Status
	138886	[Needs packaging] Update request: Bugzilla version 3.0		bugzilla (Ubuntu)	Wishlist	Fix Released
	138886	[Needs packaging] Update request: Bugzilla version 3.0		bugzilla (Debian)	Unknown	Fix Released

Bug #156405: bugzilla package containts unecessary dependency on MTA (sendmail etc)

Summary				In	Importance	Status
	156405	bugzilla package containts unecessary dependency on MTA (sendmail etc)		bugzilla (Ubuntu)	Undecided	Fix Released

Bug #235461: dependencies to perl modules missing

Summary				In	Importance	Status
	235461	dependencies to perl modules missing		bugzilla (Ubuntu)	Undecided	Fix Released

Bug #235701: bugzilla package outdated

Summary				In	Importance	Status
	235701	bugzilla package outdated		bugzilla (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-0791

References