Dave Miller

**Name of the Vulnerable Software and Affected Versions** Sendmail versions 8.13.1-2 and earlier on Red Hat Enterprise Linux 4 Update 4 and earlier **Description** The issue is related to the inability to disable SSLv2 encryption, potentially leading to less secure communication channels being used. **Recommendations** For Sendmail version 8.13.1-2 and earlier, consider disabling SSLv2 encryption manually through configuration changes to minimize the risk of using less secure channels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions prior to 2.22.1 Bugzilla versions 2.23.x prior to 2.23.3 **Description** A cross-site request forgery (CSRF) issue exists, allowing user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. **Recommendations** For versions prior to 2.22.1, update to version 2.22.1 or later. For versions 2.23.x prior to 2.23.3, update to version 2.23.3 or later.