Date: Wed, 9 Oct 2002 18:58:10 -0700 (PDT)
From: Jason Li <delphij@frontfree.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/43883: BugZilla contains multiple security holes which must be corrected or denied
Message-ID: <200210100158.g9A1wABx056552@www.freebsd.org>
>Number: 43883
>Category: ports
>Synopsis: BugZilla contains multiple security holes which must be corrected or denied
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 09 19:00:13 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Jason Li
>Release: FreeBSD 4.7-STABLE
>Organization: Frontfree Technology Network
>Environment:
FreeBSD mail.frontfree.net 4.7-STABLE FreeBSD 4.7-STABLE #11: Thu Oct 10 02:32:54 CST 2002 delphij@mail.frontfree.net:/usr/obj/usr/src/sys/MAIL i386
>Description:
As said in BugZilla's homepage, All Bugzilla installations are advised to upgrade to the latest versions of Bugzilla, 2.14.4 and 2.16.1, both released today. Security issues of varying importance have been fixed in both. These vulnerabilities affect all previous 2.14 and 2.16 releases. There're multiple security holes that must be solved by upgrading to the latest 2.16.1.
>How-To-Repeat:
This behavior is by design...
>Fix:
Do some changes in ports/devel/bugzilla. Considering the original port was 2.14.3, I think 2.14.4 would be better, so apply this patch on the port:
--- Makefile.orig Thu Oct 10 09:44:18 2002 +++ Makefile Thu Oct 10 09:56:56 2002 @@ -2,11 +2,11 @@ # Date created: 28 September 2001 # Whom: Alexey Zelkin <phantom@FreeBSD.org> # -# $FreeBSD: ports/devel/bugzilla/Makefile,v 1.11 2002/08/18 15:33:46 phantom Exp $ +# $FreeBSD$ # PORTNAME= bugzilla -PORTVERSION= 2.14.3 +PORTVERSION= 2.14.4 CATEGORIES= devel MASTER_SITES= http://ftp.mozilla.org/pub/${MASTER_SITE_SUBDIR}/ \ ${MASTER_SITE_MOZILLA} --- distinfo.orig Thu Oct 10 09:44:25 2002 +++ distinfo Thu Oct 10 09:52:36 2002 
@@ -1 +1 @@ -MD5 (bugzilla-2.14.3.tar.gz) = 17c80958f82be0027368390cd84e2a82 +MD5 (bugzilla-2.14.4.tar.gz) = 42461698e402b2225177f031bdfa7617
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
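Review bot: In the Makefile hunk, the change from the expanded "# $FreeBSD: ports/devel/bugzilla/Makefile,v 1.11 ... $" line to a bare "# $FreeBSD$" is unrelated to the security update and will make the hunk fail to apply if the repository copy of that line has moved on from revision 1.11. Drop that part and keep the hunk to the single functional change, "PORTVERSION= 2.14.3" to "PORTVERSION= 2.14.4". The description also names 2.16.1 as the release that fixes the holes while the patch moves to 2.14.4; a sentence in the PR confirming that 2.14.4 carries the same fixes (the quoted announcement says both releases do) would make the choice of branch clear to the committer.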
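Review bot: In the distinfo hunk, the new line "MD5 (bugzilla-2.14.4.tar.gz) = 42461698e402b2225177f031bdfa7617" is the only integrity check the port applies to the fetched tarball, and the PR does not say where that value came from. For a security update the committer should not take the hash from the e-mail on trust: fetch bugzilla-2.14.4.tar.gz from the MASTER_SITES listed in the Makefile, regenerate distinfo with "make makesum", and confirm the result matches both this line and any checksum or signature published upstream before committing.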