Summary
=======
The following security issues have been discovered in Bugzilla:
* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
the insider group.
* Specially formatted values in a CSV search results export could be
used in spreadsheet software to attack a user's computer.
Security: CVE-2014-1572
CVE-2014-1571
CVE-2014-1571
Changes since approx. 2012-06-09:
Tue Jul 8 14:51:13 EDT 2014
Mods for packaging for ubuntu, redhat, etc....
Added debian and pkg directories, mods to spec file.
Tue Jun 17 10:42:07 EDT 2014
Update and Fixes for remote argus data filter support
Mon Jun 9 20:18:12 EDT 2014
Changes for netflow packet parsing to fix netflow in clients.
Mon May 12 15:46:24 EDT 2014
Fixes for wild metric counts in new flow data.
Update filter logic to be consistent with client filters.
Modifications for timeout issues when in non-select polling.
Wed Dec 11 16:50:25 EST 2013
Fix for source id type assignment from commandline
Change for compiler timeout values
Mon Nov 25 12:11:47 EST 2013
Fixes for ARP direction processing
Back out of duplicate packet tracking logic
Thu Oct 17 15:45:31 EDT 2013
Mods for duplicate packet reporting
Thu Aug 22 08:39:26 EDT 2013
Modify configure.ac for pcap_dump_flush for older libpcaps
Mon Jul 22 16:09:35 EDT 2013
Modify timeouts within "nonselectable" packet processing loop.
Tue Jul 9 22:24:01 EDT 2013
Use VID for the VLAN identifier for the key.
Tue Jun 18 23:39:12 EDT 2013
Fix syslog while daemonized
Tue Jun 11 16:42:18 EDT 2013
Remove nanosleep() to improve performance.
Thu Apr 4 16:38:50 EDT 2013
Major additions for SDN tracking. New Flow model specifications in argus.conf.
Wed Mar 6 16:33:47 EST 2013
Fixes for solaris port, to avoid scheduling problems with record timeouts
Fri Oct 19 13:14:13 EDT 2012
Fix documentation in ./include/argus_def.h to get Cause and Vers in right order.
Mon Oct 8 17:17:39 EDT 2012
Fix for argus TCP state machine issue with very out of order
SYN, SYN_ACK, RST volleys.
Thu Jun 21 15:33:22 EDT 2012
Fix for country code aggregation problem, where dst co would be zero'd out.
Mon Jun 11 16:07:53 EDT 2012
Fix for ArgusOutput deadlock, when congested.
Mon Jun 09 08:21:16 EDT 2012
Netflow V9 support transitioned and mostly integrated.
Need more packet data.
PR: 193566
Submitted by: Paul Schmehl <pauls@utdallas.edu> (maintainer)