Date:      Tue, 10 Apr 2012 11:25:32 +0200
From:      olli hauer <ohauer@gmx.de>
To:        Baptiste Daroussin <bapt@FreeBSD.org>
Cc:        Olli Hauer <ohauer@FreeBSD.org>, cvs-ports@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/devel/bugzilla Makefile distinfo ports/german/bugzilla Makefile distinfo ports/russian/bugzilla-ru Makefile distinfo pkg-plist
Message-ID:  <4F83FC8C.50905@gmx.de>
In-Reply-To: <20120410084800.GF90364@azathoth.lan>
References:  <201204100515.q3A5FmFo096077@repoman.freebsd.org> <20120410084800.GF90364@azathoth.lan>

On 2012-04-10 10:48, Baptiste Daroussin wrote:
> would be nice to rename russian/bugzilla-ru into russian/bugzilla to avoid having
> a package named: ru-bugzilla-ru
> 
> regards,
> Bapt

Hi Bapt,

this was already discussed, see thread
http://lists.freebsd.org/pipermail/cvs-ports/2011-June/218322.html


--
Regards,
olli


> On Tue, Apr 10, 2012 at 05:15:48AM +0000, Olli Hauer wrote:
>> ohauer      2012-04-10 05:15:48 UTC
>>
>>   FreeBSD ports repository
>>
>>   Modified files:
>>     devel/bugzilla       Makefile distinfo 
>>     german/bugzilla      Makefile distinfo 
>>     russian/bugzilla-ru  Makefile distinfo pkg-plist 
>>   Log:
>>   - update to 4.0.5
>>   
>>   Vulnerability Details
>>   =====================
>>   
>>   Class:       Cross-Site Request Forgery
>>   Versions:    4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
>>   Fixed In:    4.0.5, 4.2
>>   Description: Due to a lack of validation of the enctype form
>>                attribute when making POST requests to xmlrpc.cgi,
>>                a possible CSRF vulnerability was discovered. If a user
>>                visits an HTML page with some malicious HTML code in it,
>>                an attacker could make changes to a remote Bugzilla installation
>>                on behalf of the victim's account by using the XML-RPC API
>>                on a site running mod_perl. Sites running under mod_cgi
>>                are not affected. Also the user would have had to be
>>                already logged in to the target site for the vulnerability
>>                to work.
>>   References:  https://bugzilla.mozilla.org/show_bug.cgi?id=725663
>>   CVE Number:  CVE-2012-0453
>>   
>>   Approved by:    skv (implicit)
>>   
>>   Revision  Changes    Path
>>   1.92      +1 -1      ports/devel/bugzilla/Makefile
>>   1.49      +2 -2      ports/devel/bugzilla/distinfo
>>   1.6       +1 -1      ports/german/bugzilla/Makefile
>>   1.5       +2 -2      ports/german/bugzilla/distinfo
>>   1.15      +3 -2      ports/russian/bugzilla-ru/Makefile
>>   1.10      +2 -2      ports/russian/bugzilla-ru/distinfo
>>   1.7       +0 -1      ports/russian/bugzilla-ru/pkg-plist
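
The commit log quoted above attributes CVE-2012-0453 to xmlrpc.cgi not validating the form enctype on POST requests. As an added example (not Bugzilla's code and not part of the original message; all function and constant names are hypothetical), this shows one such validation: the endpoint accepts a request only when its Content-Type is an XML media type, which an HTML form cannot send.

```python
# Added illustration, not Bugzilla code. All names here are hypothetical.

# The only media types an HTML <form> can emit (its enctype values).
FORM_ENCTYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
# Media types a genuine XML-RPC client sends.
XMLRPC_TYPES = {"text/xml", "application/xml"}


def media_type(content_type_header):
    """Return the lowercased type/subtype with parameters stripped."""
    if not content_type_header:
        return ""
    return content_type_header.split(";", 1)[0].strip().lower()


def check_xmlrpc_request(method, content_type_header):
    """Return (http_status, reason) for a request to the XML-RPC endpoint."""
    if method != "POST":
        return 405, "XML-RPC requires POST"
    mtype = media_type(content_type_header)
    if mtype in XMLRPC_TYPES:
        return 200, "ok"
    if mtype in FORM_ENCTYPES:
        # A browser form post reaching an API endpoint: treat as cross-site.
        return 415, "form enctype %s refused" % mtype
    return 415, "unsupported media type %r" % mtype


# Constructed sample requests: (method, Content-Type header).
SAMPLES = [
    ("POST", "text/xml; charset=UTF-8"),        # normal XML-RPC client
    ("POST", "text/plain"),                     # <form enctype="text/plain">
    ("POST", "multipart/form-data; boundary=x"),
    ("POST", None),                             # header missing
    ("GET", "text/xml"),
]

if __name__ == "__main__":
    for method, ctype in SAMPLES:
        status, reason = check_xmlrpc_request(method, ctype)
        print(method, repr(ctype), "->", status, reason)
```

The check has to run before the request body is parsed, and it is fail-closed: a missing or unrecognised Content-Type is refused rather than guessed.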


