From owner-cvs-all Tue Jan 8 3: 7:48 2002 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 68E4837B419; Tue, 8 Jan 2002 03:07:43 -0800 (PST) Received: (from phantom@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g08B7hY02265; Tue, 8 Jan 2002 03:07:43 -0800 (PST) (envelope-from phantom) Message-Id: <200201081107.g08B7hY02265@freefall.freebsd.org> From: Alexey Zelkin Date: Tue, 8 Jan 2002 03:07:43 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/devel/bugzilla Makefile X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG phantom 2002/01/08 03:07:43 PST Modified files: devel/bugzilla Makefile Log: * FORCED COMMIT SINCE PREVIOUS COMMIT WAS FAILED IN MIDDLE AND * MAIL NOTIFICATION WASN'T SEND Update to 2.14.1 (security update). Upgrade to all users highly recomended! From Security Advisory for Bugzilla: : *** SECURITY ISSUES RESOLVED *** : : - Multiple instances of user-account hijacking capability were fixed (Bugs : 54901, 108385, 185516) : : - Two occurrences of allowing data protected by Bugzilla's groupset : restrictions to be visible to users outside of those groups were fixes : (Bugs 102141, 108821) : : - One instance of an untrusted variable being echoed back to a user via : HTML was fixed (Bug 98146) : : - Multiple instances of untrusted variables being passed to SQL queries : were fixed (Bugs 108812, 108822, 109679, 109690) Revision Changes Path 1.7 +0 -0 ports/devel/bugzilla/Makefile To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message