non port: devel/bugzilla42/pkg-plist |
Number of commits found: 4 |
Thursday, 17 Oct 2013
|
19:35 ohauer
- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is
recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
|
Thursday, 23 May 2013
|
21:49 ohauer
- update bugzilla42 to version 4.2.6 (bugfix release)
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3
The following important fixes/changes have been made in this release:
o MySQL 5.6 is now supported. (Bug 852560)
o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
installing Bugzilla for the first time. (Bug 858911)
o If a custom field depends on a product, component or classification,
the "mandatory" bit was ignored on bug creation. (Bug 782210)
o Queries involving flags were broken in several ways.
These queries have been fixed. (Bug 828344)
o Tabular reports involving the empty resolution did not link bug
counts correctly. (Bug 212471)
o The Bug.search WebService method was returning all visible bugs
when called with no arguments, ignoring the max_search_results
and search_allow_no_criteria parameters. (Bug 859118)
Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html
|
Saturday, 28 Jul 2012
|
16:25 ohauer
- pkgng: cosmetic fix against lstat messages
|
Tuesday, 24 Jul 2012
|
21:37 ohauer
- new port bugzilla42
New Features and Improvements:
- Experimental SQLite Support
- Creating an Attachment by Pasting Text Into a Text Field
- HTML Bugmail (default: on can be disabled in user preference)
- Improved Searching System
- Disabling Old Components, Versions and Milestones
- Displaying a Custom Field Value Based on Multiple Values of Another Field
- Auditing of All Changes Within Bugzilla
- Accessibility Improvements
And many other Improvements, for complete list see:
http://www.bugzilla.org/releases/4.2.1/release-notes.html
|
Number of commits found: 4 |