K 10
svn:author
V 6
ohauer
K 8
svn:date
V 27
2014-07-25T14:15:55.848901Z
K 7
svn:log
V 756
- update to bugzilla44-4.4.5

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.

http://www.bugzilla.org/security/4.0.13/

MFH:		2014Q3
Security:	9defb2d6-1404-11e4-8cae-20cf30e32f6d
		CVE-2014-1546
END