| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
MFH: 2014Q2
Notes:
svn path=/head/; revision=351700
|
|
|
|
|
|
|
| |
- Update WWW line in pkg-descr
Notes:
svn path=/head/; revision=332098
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
Notes:
svn path=/head/; revision=330666
|
|
|
|
|
|
|
| |
- remove bugzilla3 CONFLICTS
Notes:
svn path=/head/; revision=328405
|
|
|
|
|
|
|
| |
japanese)
Notes:
svn path=/head/; revision=327737
|
|
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44
Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html
Notes:
svn path=/head/; revision=321429
|