Summary
=======
The following security issues have been discovered in Bugzilla:
* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
the insider group
* Specially formatted values in a CSV search results export could be
used in spreadsheet software to attack a user's computer.
Security: CVE-2014-1572
CVE-2014-1571
CVE-2014-1571
6263943c18