Date: Thu, 5 Jan 2012 17:25:28 +0000 (UTC) From: Olli Hauer <ohauer@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/devel/bugzilla Makefile distinfo pkg-plist ports/devel/bugzilla/files patch-Bugzilla__Install__Requirements.pm patch-Bugzilla__WebService__Server__JSONRPC.pm Message-ID: <201201051725.q05HPS3S013873@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
ohauer 2012-01-05 17:25:28 UTC
FreeBSD ports repository
Modified files:
devel/bugzilla Makefile distinfo pkg-plist
Added files:
devel/bugzilla/files
patch-Bugzilla__WebService__Server__JSONRPC.pm
Removed files:
devel/bugzilla/files patch-Bugzilla__Install__Requirements.pm
Log:
- update to version 3.6.7
- CVE-2011-3657
- CVE-2011-3667
Summary
=======
The following security issues have been discovered in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create
a new user account even if the active authentication method forbids
users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
lead to the creation of unwanted bug reports and attachments.
All affected installations are encouraged to upgrade as soon as possible.
Full Release Notes:
http://www.bugzilla.org/security/3.4.12/
Approved by: skv@ (explicit)
Revision Changes Path
1.90 +8 -9 ports/devel/bugzilla/Makefile
1.47 +2 -2 ports/devel/bugzilla/distinfo
1.2 +0 -14 ports/devel/bugzilla/files/patch-Bugzilla__Install__Requirements.pm (dead)
1.1 +33 -0 ports/devel/bugzilla/files/patch-Bugzilla__WebService__Server__JSONRPC.pm (new)
1.41 +2 -1 ports/devel/bugzilla/pkg-plist
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201051725.q05HPS3S013873>