From owner-freebsd-ports Wed Oct 9 19: 0:16 2002
Delivered-To: freebsd-ports@hub.freebsd.org
Message-Id: <200210100158.g9A1wABx056552@www.freebsd.org>
Date: Wed, 9 Oct 2002 18:58:10 -0700 (PDT)
From: Jason Li
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: ports/43883: BugZilla contains multiple security holes which must be corrected or denied
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 43883
>Category: ports
>Synopsis: BugZilla contains multiple security holes which must be corrected or denied
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 09 19:00:13 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Jason Li
>Release: FreeBSD 4.7-STABLE
>Organization: Frontfree Technology Network
>Environment:
FreeBSD mail.frontfree.net 4.7-STABLE FreeBSD 4.7-STABLE #11: Thu Oct 10 02:32:54 CST 2002 delphij@mail.frontfree.net:/usr/obj/usr/src/sys/MAIL i386
>Description:
As said in BugZilla's homepage,

All Bugzilla installations are advised to upgrade to the latest versions of Bugzilla, 2.14.4 and 2.16.1, both released today. Security issues of varying importance have been fixed in both. These vulnerabilities affect all previous 2.14 and 2.16 releases.

There're multiple security holes that must be solved by upgrading to the latest 2.16.1.
>How-To-Repeat:
This behavior is by design...
>Fix:
Do some changes in ports/devel/bugzilla. Considering the original port was 2.14.3, I think 2.14.4 would be better, so apply this patch on the port:

--- Makefile.orig Thu Oct 10 09:44:18 2002 +++ Makefile Thu Oct 10 09:56:56 2002 
@@ -2,11 +2,11 @@ # Date created: 28 September 2001 # Whom: Alexey Zelkin # -# $FreeBSD: ports/devel/bugzilla/Makefile,v 1.11 2002/08/18 15:33:46 phantom Exp $ +# $FreeBSD$ # PORTNAME= bugzilla -PORTVERSION= 2.14.3 +PORTVERSION= 2.14.4 CATEGORIES= devel MASTER_SITES= http://ftp.mozilla.org/pub/${MASTER_SITE_SUBDIR}/ \ ${MASTER_SITE_MOZILLA} --- distinfo.orig Thu Oct 10 09:44:25 2002 +++ distinfo Thu Oct 10 09:52:36 2002 @@ -1 +1 @@ -MD5 (bugzilla-2.14.3.tar.gz) = 17c80958f82be0027368390cd84e2a82 +MD5 (bugzilla-2.14.4.tar.gz) = 42461698e402b2225177f031bdfa7617
>Release-Note:
>Audit-Trail:
>Unformatted:
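Review bot: In the Makefile hunk, the ident line `# $FreeBSD: ports/devel/bugzilla/Makefile,v 1.11 ... phantom Exp $` is replaced with a bare `# $FreeBSD$`, which is unrelated to the security update; drop that change so the hunk carries only `PORTVERSION= 2.14.3` to `PORTVERSION= 2.14.4`. The PR text also says the holes "must be solved by upgrading to the latest 2.16.1" while this hunk moves the port to 2.14.4; since the quoted advisory names 2.14.4 as a fixed release, the description should state that the port stays on the 2.14 branch and why.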
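Review bot: In the distinfo hunk, the new `MD5 (bugzilla-2.14.4.tar.gz)` value is the only integrity record for the updated tarball and it arrives via the PR itself, so it should not be committed on trust. Fetch bugzilla-2.14.4.tar.gz from the MASTER_SITES listed in the Makefile, regenerate the checksum locally (for example with `make makesum`), and confirm it matches the submitted value before committing.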