From owner-cvs-all@FreeBSD.ORG  Thu Jan  5 17:25:06 2012
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 717A5106566C;
	Thu,  5 Jan 2012 17:25:06 +0000 (UTC)
	(envelope-from ohauer@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 460788FC16;
	Thu,  5 Jan 2012 17:25:06 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id q05HP6Bp013753;
	Thu, 5 Jan 2012 17:25:06 GMT
	(envelope-from ohauer@repoman.freebsd.org)
Received: (from ohauer@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id q05HP6gW013752;
	Thu, 5 Jan 2012 17:25:06 GMT (envelope-from ohauer)
Message-Id: <201201051725.q05HP6gW013752@repoman.freebsd.org>
From: Olli Hauer <ohauer@FreeBSD.org>
Date: Thu, 5 Jan 2012 17:25:06 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/devel/bugzilla3 Makefile distinfo pkg-plist
 ports/devel/bugzilla3/files patch-Bugzilla__WebService__Server__JSONRPC.pm
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 17:25:06 -0000

ohauer      2012-01-05 17:25:06 UTC

  FreeBSD ports repository

  Modified files:
    devel/bugzilla3      Makefile distinfo pkg-plist 
  Added files:
    devel/bugzilla3/files 
                          patch-Bugzilla__WebService__Server__JSONRPC.pm 
  Log:
  - update to version 3.6.7
  - CVE-2011-3657
  - CVE-2011-3667
  
  Summary
  =======
  
  The following security issues have been discovered in Bugzilla:
  
  * When viewing tabular or graphical reports as well as new charts,
    an XSS vulnerability is possible in debug mode.
  
  * The User.offer_account_by_email WebService method lets you create
    a new user account even if the active authentication method forbids
    users to create an account.
  
  * A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
    lead to the creation of unwanted bug reports and attachments.
  
  All affected installations are encouraged to upgrade as soon as possible.
  
  Full Release Notes:
  http://www.bugzilla.org/security/3.4.12/
  
  Approved by:    skv@ (explicit)
  
  Revision  Changes    Path
  1.88      +8 -8      ports/devel/bugzilla3/Makefile
  1.47      +2 -2      ports/devel/bugzilla3/distinfo
  1.1       +33 -0     ports/devel/bugzilla3/files/patch-Bugzilla__WebService__Server__JSONRPC.pm (new)
  1.38      +2 -1      ports/devel/bugzilla3/pkg-plist