Date:      Thu, 5 Jan 2012 17:25:28 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/devel/bugzilla Makefile distinfo pkg-plist ports/devel/bugzilla/files patch-Bugzilla__Install__Requirements.pm patch-Bugzilla__WebService__Server__JSONRPC.pm
Message-ID:  <201201051725.q05HPS3S013873@repoman.freebsd.org>

ohauer      2012-01-05 17:25:28 UTC

  FreeBSD ports repository

  Modified files:
    devel/bugzilla       Makefile distinfo pkg-plist 
  Added files:
    devel/bugzilla/files 
                         patch-Bugzilla__WebService__Server__JSONRPC.pm 
  Removed files:
    devel/bugzilla/files patch-Bugzilla__Install__Requirements.pm 
  Log:
  - update to version 3.6.7
  - CVE-2011-3657
  - CVE-2011-3667
  
  Summary
  =======
  
  The following security issues have been discovered in Bugzilla:
  
  * When viewing tabular or graphical reports as well as new charts,
    an XSS vulnerability is possible in debug mode.
  
  * The User.offer_account_by_email WebService method lets you create
    a new user account even if the active authentication method forbids
    users to create an account.
  
  * A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
    lead to the creation of unwanted bug reports and attachments.
  
  All affected installations are encouraged to upgrade as soon as possible.
  
  Full Release Notes:
  http://www.bugzilla.org/security/3.4.12/
  
  Approved by:    skv@ (explicit)
  
  Revision  Changes    Path
  1.90      +8 -9      ports/devel/bugzilla/Makefile
  1.47      +2 -2      ports/devel/bugzilla/distinfo
  1.2       +0 -14     ports/devel/bugzilla/files/patch-Bugzilla__Install__Requirements.pm (dead)
  1.1       +33 -0     ports/devel/bugzilla/files/patch-Bugzilla__WebService__Server__JSONRPC.pm (new)
  1.41      +2 -1      ports/devel/bugzilla/pkg-plist


