| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
Notes:
svn path=/head/; revision=330666
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove ja-bugzilla-2.* from CONFLICT entries of devel/bugzilla,
devel/bugzilla2 and russian/bugzilla-ru [2]
- Change MAINTAINER address from tota@rtfm.jp to tota@FreeBSD.org
[1] This port has been updated from the bugzilla Japanized patch to
bugzilla Japanese language pack installation, both of which are
maintained differently.
* Japanized patch is not actively maintained anymore.
* More sophisticated language pack framework has been introduced since
Bugzilla 3.0.
[2] This port no longer conflicts with those ports due to the new language
pack framework.
Approved by: maho (mentor)
Notes:
svn path=/head/; revision=251490
|
|
|
- Unbreak
PR: ports/78195
Submitted by: TAKATSU Tomonari <tota@rtfm.jp> (maintainer)
Notes:
svn path=/head/; revision=130223
|
