diff options
| -rw-r--r-- | devel/bugzilla/Makefile | 9 | ||||
| -rw-r--r-- | devel/bugzilla/distinfo | 4 | ||||
| -rw-r--r-- | devel/bugzilla3/Makefile | 9 | ||||
| -rw-r--r-- | devel/bugzilla3/distinfo | 4 | ||||
| -rw-r--r-- | devel/bugzilla42/Makefile | 9 | ||||
| -rw-r--r-- | german/bugzilla/Makefile | 16 | ||||
| -rw-r--r-- | german/bugzilla3/Makefile | 16 | ||||
| -rw-r--r-- | german/bugzilla42/Makefile | 13 | ||||
| -rw-r--r-- | german/bugzilla42/files/patch-402-403 | 103 | ||||
| -rw-r--r-- | japanese/bugzilla/Makefile | 14 | ||||
| -rw-r--r-- | japanese/bugzilla3/Makefile | 14 | ||||
| -rw-r--r-- | japanese/bugzilla42/Makefile | 5 | ||||
| -rw-r--r-- | russian/bugzilla/Makefile | 14 | ||||
| -rw-r--r-- | russian/bugzilla3/Makefile | 14 | ||||
| -rw-r--r-- | russian/bugzilla42/Makefile | 5 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 50 |
16 files changed, 222 insertions, 77 deletions
diff --git a/devel/bugzilla/Makefile b/devel/bugzilla/Makefile index 9122fab8ac01..8ba49f1d3095 100644 --- a/devel/bugzilla/Makefile +++ b/devel/bugzilla/Makefile @@ -1,17 +1,12 @@ -# New ports collection makefile for: bugzilla -# Date created: 28 September 2001 -# Whom: Alexey Zelkin <phantom@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= bugzilla -PORTVERSION= 4.0.7 +PORTVERSION= 4.0.8 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived -MAINTAINER= skv@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Bug-tracking system developed by Mozilla Project LICENSE= MPL diff --git a/devel/bugzilla/distinfo b/devel/bugzilla/distinfo index bdb9989216fa..7a9b873bcfba 100644 --- a/devel/bugzilla/distinfo +++ b/devel/bugzilla/distinfo @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.0.7.tar.gz) = edf3de89b8e6f16bdeaab4ef6b92902f6ed621bf2fcbc64430169ecf1004cfaf -SIZE (bugzilla/bugzilla-4.0.7.tar.gz) = 2801595 +SHA256 (bugzilla/bugzilla-4.0.8.tar.gz) = 0d44ab29863ffe6ef7637f078c31e52805f1b2ff0ff4f5c39a0d7daebe326b0c +SIZE (bugzilla/bugzilla-4.0.8.tar.gz) = 2801982 diff --git a/devel/bugzilla3/Makefile b/devel/bugzilla3/Makefile index 55a4389dfd20..58e8b4fccea9 100644 --- a/devel/bugzilla3/Makefile +++ b/devel/bugzilla3/Makefile @@ -1,17 +1,12 @@ -# New ports collection makefile for: bugzilla -# Date created: 28 September 2001 -# Whom: Alexey Zelkin <phantom@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= bugzilla -PORTVERSION= 3.6.10 +PORTVERSION= 3.6.11 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived -MAINTAINER= skv@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Bug-tracking system developed by Mozilla Project LICENSE= MPL diff --git a/devel/bugzilla3/distinfo b/devel/bugzilla3/distinfo index cf6decd1bd28..1b8ee555c2af 100644 --- a/devel/bugzilla3/distinfo +++ b/devel/bugzilla3/distinfo @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-3.6.10.tar.gz) = 97ba98a18dd71541bed94a2c58225a9ca621bf28a384d1dc9bdaeb792642b305 -SIZE (bugzilla/bugzilla-3.6.10.tar.gz) = 2508723 +SHA256 (bugzilla/bugzilla-3.6.11.tar.gz) = 01b99ec5b1e6efc9d0a0352ebe2ea6e8b8c7471a3f4dd80c3b99b5be575c4585 +SIZE (bugzilla/bugzilla-3.6.11.tar.gz) = 2509551 diff --git a/devel/bugzilla42/Makefile b/devel/bugzilla42/Makefile index b5332060130c..4e845b908f54 100644 --- a/devel/bugzilla42/Makefile +++ b/devel/bugzilla42/Makefile @@ -1,17 +1,12 @@ -# New ports collection makefile for: bugzilla -# Date created: 28 September 2001 -# Whom: Alexey Zelkin <phantom@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= bugzilla -PORTVERSION= 4.2.2 +PORTVERSION= 4.2.3 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived -MAINTAINER= ohauer@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Bug-tracking system developed by Mozilla Project LICENSE= MPL diff --git a/german/bugzilla/Makefile b/german/bugzilla/Makefile index 79a884acf1d4..f3acffcd21c3 100644 --- a/german/bugzilla/Makefile +++ b/german/bugzilla/Makefile @@ -1,18 +1,14 @@ -# New ports collection makefile for: de-bugzilla -# Date created: 2011-06-11 -# Whom: Olli Hauer <ohauer@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 4.0.7 +PORTREVISION= 1 CATEGORIES= german MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION} DISTNAME= germzilla-${PORTVERSION}-1.utf-8 -MAINTAINER= ohauer@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= German localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla @@ -25,6 +21,14 @@ NO_WRKSUBDIR= yes LANGDIR= ${WWWDIR}/template/de +post-patch: + ${REINPLACE_CMD} -i '' -e '/abbrev/d' \ + ${WRKDIR}/de/default/filterexceptions.pl + ${REINPLACE_CMD} -i '' -e 's/column.title -%/column.title FILTER html -%/' \ + ${WRKDIR}/de/default/list/table.html.tmpl + ${REINPLACE_CMD} -i '' -e 's/4.0.7/4.0.8/' \ + ${WRKDIR}/de/default/global/gzversion.html.tmpl + do-install: @-${MKDIR} ${LANGDIR} @(cd ${WRKSRC}/de && ${COPYTREE_SHARE} . ${LANGDIR}) diff --git a/german/bugzilla3/Makefile b/german/bugzilla3/Makefile index 97568169012a..225ab8b4d382 100644 --- a/german/bugzilla3/Makefile +++ b/german/bugzilla3/Makefile @@ -1,18 +1,14 @@ -# New ports collection makefile for: de-bugzilla -# Date created: 2011-06-11 -# Whom: Olli Hauer <ohauer@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 3.6.10 +PORTREVISION= 1 CATEGORIES= german MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION} DISTNAME= germzilla-${PORTVERSION}-1.utf-8 -MAINTAINER= ohauer@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= German localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla3 @@ -25,6 +21,14 @@ NO_WRKSUBDIR= yes LANGDIR= ${WWWDIR}/template/de +post-patch: + ${REINPLACE_CMD} -i '' -e '/abbrev/d' \ + ${WRKDIR}/de/default/filterexceptions.pl + ${REINPLACE_CMD} -i '' -e 's/column.title -%/column.title FILTER html -%/' \ + ${WRKDIR}/de/default/list/table.html.tmpl + ${REINPLACE_CMD} -i '' -e 's/3.6.10/3.6.11/' \ + ${WRKDIR}/de/default/global/gzversion.html.tmpl + do-install: @-${MKDIR} ${LANGDIR} @(cd ${WRKSRC}/de && ${COPYTREE_SHARE} . ${LANGDIR}) diff --git a/german/bugzilla42/Makefile b/german/bugzilla42/Makefile index 34121eeb3e8c..cd65a95db96a 100644 --- a/german/bugzilla42/Makefile +++ b/german/bugzilla42/Makefile @@ -1,18 +1,14 @@ -# New ports collection makefile for: de-bugzilla -# Date created: 2011-06-11 -# Whom: Olli Hauer <ohauer@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 4.2.2 +PORTREVISION= 1 CATEGORIES= german MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION} DISTNAME= germzilla-${PORTVERSION}-1.utf-8 -MAINTAINER= ohauer@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= German localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 @@ -25,6 +21,11 @@ NO_WRKSUBDIR= yes LANGDIR= ${WWWDIR}/template/de +post-patch: + @${REINPLACE_CMD} -i '' -e 's/4.2.2/4.2.3/' \ + ${WRKDIR}/de/default/global/gzversion.html.tmpl + @${FIND} ${WRKDIR} -type f -name \*.orig -delete + do-install: @-${MKDIR} ${LANGDIR} @(cd ${WRKSRC}/de && ${COPYTREE_SHARE} . ${LANGDIR}) diff --git a/german/bugzilla42/files/patch-402-403 b/german/bugzilla42/files/patch-402-403 new file mode 100644 index 000000000000..ea3f6a49ad70 --- /dev/null +++ b/german/bugzilla42/files/patch-402-403 @@ -0,0 +1,103 @@ +--- ./de/default/account/auth/login-small.html.tmpl.orig 2012-09-01 20:37:40.000000000 +0200 ++++ ./de/default/account/auth/login-small.html.tmpl 2012-09-01 20:40:14.000000000 +0200 +@@ -38,8 +38,8 @@ + [% IF cgi.request_method == "GET" AND cgi.query_string %] + [% connector = "&" %] + [% END %] +- [% script_name = login_target _ connector _ "GoAheadAndLogIn=1" %] +- <a id="login_link[% qs_suffix %]" href="[% script_name FILTER html %]" ++ [% script_url = login_target _ connector _ "GoAheadAndLogIn=1" %] ++ <a id="login_link[% qs_suffix %]" href="[% script_url FILTER html %]" + onclick="return show_mini_login_form('[% qs_suffix %]')">Anmelden</a> + + [% Hook.process('additional_methods') %] +@@ -116,7 +116,7 @@ + </li> + <li id="forgot_container[% qs_suffix %]"> + <span class="separator">| </span> +- <a id="forgot_link[% qs_suffix %]" href="[% script_name FILTER html %]#forgot" ++ <a id="forgot_link[% qs_suffix %]" href="[% script_url FILTER html %]#forgot" + onclick="return show_forgot_form('[% qs_suffix %]')">Passwort vergessen</a> + <form action="token.cgi" method="post" id="forgot_form[% qs_suffix %]" + class="mini_forgot bz_default_hidden"> +@@ -125,6 +125,7 @@ + <input id="forgot_button[% qs_suffix %]" value="Neues Passwort anfordern" + type="submit"> + <input type="hidden" name="a" value="reqpw"> ++ <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> + <a href="#" onclick="return hide_forgot_form('[% qs_suffix %]')">[x]</a> + </form> + </li> +--- ./de/default/account/auth/login.html.tmpl.orig 2012-09-01 20:41:03.000000000 +0200 ++++ ./de/default/account/auth/login.html.tmpl 2012-09-01 20:41:54.000000000 +0200 +@@ -122,6 +122,7 @@ + [%+ terms.Bugzilla %] sendet dann an die Adresse ein sogenanntes Token + zur Änderung Ihres Passworts.<br /> + <input size="35" name="loginname"> ++ <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> + <input type="submit" id="request" value="Neues Passwort vergeben"> + </form> + [% END %] +--- ./de/default/filterexceptions.pl.orig 2012-09-01 20:42:25.000000000 +0200 ++++ ./de/default/filterexceptions.pl 2012-09-01 20:42:47.000000000 +0200 +@@ -156,7 +156,6 @@ + 'list/table.html.tmpl' => [ + 'tableheader', + 'bug.bug_id', +- 'abbrev.$id.title || field_descs.$id || column.title', + ], + + 'list/list.csv.tmpl' => [ +--- ./de/default/global/user-error.html.tmpl.orig 2012-09-01 20:54:02.000000000 +0200 ++++ ./de/default/global/user-error.html.tmpl 2012-09-01 20:59:47.000000000 +0200 +@@ -1287,10 +1287,10 @@ + [% docslinks = {'query.html' => "Nach $terms.bugs suchen", + 'query.html#list' => "${terms.Bug}listen"} %] + [% IF sharer_id && sharer_id != user.id %] +- Die Suche mit dem Namen „[% queryname FILTER html %]“ ist nicht für Sie ++ Die Suche mit dem Namen „[% name FILTER html %]“ ist nicht für Sie + sichtbar gemacht worden. + [% ELSE %] +- Es existiert keine Suche mit dem Namen „[% queryname FILTER html %]“. ++ Es existiert keine Suche mit dem Namen „[% name FILTER html %]“. + [% END %] + + [% ELSIF error == "missing_resolution" %] +--- ./de/default/list/table.html.tmpl.orig 2012-09-01 21:00:43.000000000 +0200 ++++ ./de/default/list/table.html.tmpl 2012-09-01 21:01:34.000000000 +0200 +@@ -135,7 +135,7 @@ + [% PROCESS new_order %] + [%-#%]&query_based_on= + [% defaultsavename OR searchname FILTER uri %]"> +- [%- abbrev.$id.title || field_descs.$id || column.title -%] ++ [%- abbrev.$id.title || field_descs.$id || column.title FILTER html -%] + [% PROCESS order_arrow ~%] + </a> + </th> +--- ./de/default/search/search-advanced.html.tmpl.orig 2012-09-01 21:02:18.000000000 +0200 ++++ ./de/default/search/search-advanced.html.tmpl 2012-09-01 21:05:22.000000000 +0200 +@@ -33,7 +33,13 @@ + + + [% js_data = BLOCK %] +-var queryform = "queryform" ++var queryform = "queryform"; ++function remove_token() { ++ if (queryform.token) { ++ var asDefault = document.getElementById('remasdefault'); ++ queryform.token.disabled = !asDefault.checked; ++ } ++} + [% END %] + + [% PROCESS global/header.html.tmpl +@@ -65,7 +71,8 @@ + <p id="search_help">Fahren Sie mit dem Mauszeiger über eine Feldbezeichnung, + um sich Hilfetexte zum Feld anzeigen zu lassen.</p> + +-<form method="post" action="buglist.cgi" name="queryform" id="queryform"> ++<form method="post" action="buglist.cgi" name="queryform" id="queryform" ++ onsubmit="remove_token()"> + + [% PROCESS search/form.html.tmpl %] + diff --git a/japanese/bugzilla/Makefile b/japanese/bugzilla/Makefile index e665a7a98268..ed1dbf651ebb 100644 --- a/japanese/bugzilla/Makefile +++ b/japanese/bugzilla/Makefile @@ -1,19 +1,15 @@ -# New ports collection makefile for: ja-bugzilla -# Date created: 2004-01-19 -# Whom: TAKATSU Tomonari <tota@rtfm.jp> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 4.0.7 +PORTREVISION= 1 CATEGORIES= japanese MASTER_SITES= http://bug-ja.org/releases/4.0/ \ LOCAL MASTER_SITE_SUBDIR= tota/bugzilla-ja DISTNAME= Bugzilla-ja-${PORTVERSION}-template-rel01 -MAINTAINER= tota@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla @@ -26,6 +22,12 @@ USE_BZIP2= yes LANGDIR= ${WWWDIR}/template/ja +post-patch: + ${REINPLACE_CMD} -i '' -e '/abbrev/d' \ + ${WRKDIR}/default/filterexceptions.pl + ${REINPLACE_CMD} -i '' -e 's/column.title -%/column.title FILTER html -%/' \ + ${WRKDIR}/default/list/table.html.tmpl + do-install: @-${MKDIR} ${LANGDIR}/default @cd ${WRKDIR}/default; ${COPYTREE_SHARE} . ${LANGDIR}/default diff --git a/japanese/bugzilla3/Makefile b/japanese/bugzilla3/Makefile index 58e2ecd931c9..a4147ec4823a 100644 --- a/japanese/bugzilla3/Makefile +++ b/japanese/bugzilla3/Makefile @@ -1,19 +1,15 @@ -# New ports collection makefile for: ja-bugzilla -# Date created: 2004-01-19 -# Whom: TAKATSU Tomonari <tota@rtfm.jp> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 3.6.10 +PORTREVISION= 1 CATEGORIES= japanese MASTER_SITES= http://bug-ja.org/releases/3.6/ \ LOCAL MASTER_SITE_SUBDIR= tota/bugzilla-ja DISTNAME= Bugzilla-ja-${PORTVERSION}-template-rel01 -MAINTAINER= tota@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla3 @@ -28,6 +24,12 @@ USE_BZIP2= yes LANGDIR= ${WWWDIR}/template/ja +post-patch: + ${REINPLACE_CMD} -i '' -e '/abbrev/d' \ + ${WRKDIR}/default/filterexceptions.pl + ${REINPLACE_CMD} -i '' -e 's/column.title -%/column.title FILTER html -%/' \ + ${WRKDIR}/default/list/table.html.tmpl + do-install: @-${MKDIR} ${LANGDIR}/default @cd ${WRKDIR}/default; ${COPYTREE_SHARE} . ${LANGDIR}/default diff --git a/japanese/bugzilla42/Makefile b/japanese/bugzilla42/Makefile index 74d7aaebed05..6c54fb370393 100644 --- a/japanese/bugzilla42/Makefile +++ b/japanese/bugzilla42/Makefile @@ -1,9 +1,4 @@ -# New ports collection makefile for: ja-bugzilla -# Date created: 2004-01-19 -# Whom: TAKATSU Tomonari <tota@rtfm.jp> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 4.2.2 diff --git a/russian/bugzilla/Makefile b/russian/bugzilla/Makefile index 381ec59ed4d6..3e245dfe926a 100644 --- a/russian/bugzilla/Makefile +++ b/russian/bugzilla/Makefile @@ -1,18 +1,14 @@ -# New ports collection makefile for: bugzilla-ru -# Date created: 28 Jul 2008 -# Whom: Sergey Skvortsov <skv@protey.ru> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 4.0.7 +PORTREVISION= 1 CATEGORIES= russian MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-ru/bugzilla-${PORTVERSION:R}-ru/${PORTVERSION} DISTNAME= bugzilla-${PORTVERSION}-ru-20120809 -MAINTAINER= skv@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Russian localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla @@ -21,6 +17,12 @@ WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru .include "${.CURDIR}/../../devel/bugzilla/Makefile.common" +post-patch: + ${REINPLACE_CMD} -i '' -e '/abbrev/d' \ + ${WRKSRC}/template/ru-RU/default/filterexceptions.pl + ${REINPLACE_CMD} -i '' -e 's/column.title -%/column.title FILTER html -%/' \ + ${WRKSRC}/template/ru-RU/default/list/table.html.tmpl + do-install: ${MKDIR} ${WWWDIR} (cd ${WRKSRC}/ && ${PAX} -r -w * ${WWWDIR}) diff --git a/russian/bugzilla3/Makefile b/russian/bugzilla3/Makefile index a9be46f5876e..ff87aa1e72b3 100644 --- a/russian/bugzilla3/Makefile +++ b/russian/bugzilla3/Makefile @@ -1,18 +1,14 @@ -# New ports collection makefile for: bugzilla-ru -# Date created: 28 Jul 2008 -# Whom: Sergey Skvortsov <skv@protey.ru> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 3.6.10 +PORTREVISION= 1 CATEGORIES= russian MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-ru/bugzilla-${PORTVERSION:R}-ru/${PORTVERSION} DISTNAME= bugzilla-${PORTVERSION}-ru-20120809 -MAINTAINER= skv@FreeBSD.org +MAINTAINER= bugzilla@FreeBSD.org COMMENT= Russian localization for Bugzilla RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla3 @@ -23,6 +19,12 @@ WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru LATEST_LINK= ${PKGNAMEPREFIX}bugzilla3 +post-patch: + ${REINPLACE_CMD} -i '' -e '/abbrev/d' \ + ${WRKSRC}/template/ru-RU/default/filterexceptions.pl + ${REINPLACE_CMD} -i '' -e 's/column.title -%/column.title FILTER html -%/' \ + ${WRKSRC}/template/ru-RU/default/list/table.html.tmpl + do-install: ${MKDIR} ${WWWDIR} (cd ${WRKSRC}/ && ${PAX} -r -w * ${WWWDIR}) diff --git a/russian/bugzilla42/Makefile b/russian/bugzilla42/Makefile index d188ae0e1bb8..f858b484321e 100644 --- a/russian/bugzilla42/Makefile +++ b/russian/bugzilla42/Makefile @@ -1,9 +1,4 @@ -# New ports collection makefile for: bugzilla-ru -# Date created: 28 Jul 2008 -# Whom: Sergey Skvortsov <skv@protey.ru> -# # $FreeBSD$ -# PORTNAME= bugzilla PORTVERSION= 4.2.2 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 06e234876fcf..824c15a1afe1 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,56 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6ad18fe5-f469-11e1-920d-20cf30e32f6d"> + <topic>bugzilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>bugzilla</name> + <range><ge>3.6.0</ge><lt>3.6.11</lt></range> + <range><ge>4.0.0</ge><lt>4.0.8</lt></range> + <range><ge>4.2.0</ge><lt>4.2.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>A Bugzilla Security Advisory reports:</h1> + <blockquote cite="http://www.bugzilla.org/security/3.6.10/"> + <p>The following security issues have been discovered in + Bugzilla:</p> + <h1>LDAP Injection</h1> + <p>When the user logs in using LDAP, the username is not + escaped when building the uid=$username filter which is + used to query the LDAP directory. This could potentially + lead to LDAP injection.</p> + <h1>Directory Browsing</h1> + <p>Extensions are not protected against directory browsing + and users can access the source code of the templates + which may contain sensitive data. + Directory browsing is blocked in Bugzilla 4.3.3 only, + because it requires a configuration change in the Apache + httpd.conf file to allow local .htaccess files to use + Options -Indexes. To not break existing installations, + this fix has not been backported to stable branches. + The access to templates is blocked for all supported + branches except the old 3.6 branch, because this branch + doesn't have .htaccess in the bzr repository and cannot + be fixed easily for existing installations without + potentially conflicting with custom changes.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3981</cvename> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=785470</url> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=785522</url> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=785511</url> + </references> + <dates> + <discovery>2012-08-30</discovery> + <entry>2012-09-01</entry> + </dates> + </vuln> + <vuln vid="342176a8-f464-11e1-8bd8-0022156e8794"> <topic>GNU gatekeeper -- denial of service</topic> <affects> |