From owner-cvs-all@FreeBSD.ORG  Tue Apr 10 05:15:48 2012
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 427CF106564A;
	Tue, 10 Apr 2012 05:15:48 +0000 (UTC)
	(envelope-from ohauer@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 2D0428FC16;
	Tue, 10 Apr 2012 05:15:48 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id q3A5FmmO096078;
	Tue, 10 Apr 2012 05:15:48 GMT
	(envelope-from ohauer@repoman.freebsd.org)
Received: (from ohauer@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id q3A5FmFo096077;
	Tue, 10 Apr 2012 05:15:48 GMT (envelope-from ohauer)
Message-Id: <201204100515.q3A5FmFo096077@repoman.freebsd.org>
From: Olli Hauer <ohauer@FreeBSD.org>
Date: Tue, 10 Apr 2012 05:15:48 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/devel/bugzilla Makefile distinfo
 ports/german/bugzilla Makefile distinfo ports/russian/bugzilla-ru
 Makefile distinfo pkg-plist
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2012 05:15:48 -0000

ohauer      2012-04-10 05:15:48 UTC

  FreeBSD ports repository

  Modified files:
    devel/bugzilla       Makefile distinfo 
    german/bugzilla      Makefile distinfo 
    russian/bugzilla-ru  Makefile distinfo pkg-plist 
  Log:
  - update to 4.0.5
  
  Vulnerability Details
  =====================
  
  Class:       Cross-Site Request Forgery
  Versions:    4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
  Fixed In:    4.0.5, 4.2
  Description: Due to a lack of validation of the enctype form
               attribute when making POST requests to xmlrpc.cgi,
               a possible CSRF vulnerability was discovered. If a user
               visits an HTML page with some malicious HTML code in it,
               an attacker could make changes to a remote Bugzilla installation
               on behalf of the victim's account by using the XML-RPC API
               on a site running mod_perl. Sites running under mod_cgi
               are not affected. Also the user would have had to be
               already logged in to the target site for the vulnerability
               to work.
  References:  https://bugzilla.mozilla.org/show_bug.cgi?id=725663
  CVE Number:  CVE-2012-0453
  
  Approved by:    skv (implicit)
  
  Revision  Changes    Path
  1.92      +1 -1      ports/devel/bugzilla/Makefile
  1.49      +2 -2      ports/devel/bugzilla/distinfo
  1.6       +1 -1      ports/german/bugzilla/Makefile
  1.5       +2 -2      ports/german/bugzilla/distinfo
  1.15      +3 -2      ports/russian/bugzilla-ru/Makefile
  1.10      +2 -2      ports/russian/bugzilla-ru/distinfo
  1.7       +0 -1      ports/russian/bugzilla-ru/pkg-plist