FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

non port: head/devel/bugzilla44/distinfo
SVNWeb

Number of commits found: 13

Tue, 17 May 2016
[ 18:35 ohauer ] Original commit   Revision:415408
415408 devel/bugzilla44/Makefile
415408 devel/bugzilla44/distinfo
- update to 4.4.12

Security:	CVE-2016-2803
Security:	036d6c38-1c5b-11e6-b9e0-20cf30e32f6d
Wed, 23 Dec 2015
[ 11:25 ohauer ] Original commit   Revision:404285
404285 devel/bugzilla44/Makefile
404285 devel/bugzilla44/distinfo
404285 devel/bugzilla44/files/pkg-message.in
- update to 4.4.11

This release fixes two security issues.
See the Security Advisory for details. [1]

This release also contains the following bug fix:

 o mod_perl now works correctly with mod_access_compat turned off
   on Apache 2.4. The (incorrect) fix implemented in Bugzilla 4.4.9
   has been backed out. To regenerate the .htaccess files, you must
   first delete all existing ones in subdirectories:

    find . -mindepth 2 -name .htaccess -exec rm -f {} \;

   You must then run checksetup.pl again to recreate them with the
   correct syntax. (Bug 1223790)

[1] https://www.bugzilla.org/security/4.2.15/

MFH:		2015Q4
Security:	CVE-2015-8508
		CVE-2015-8509
		vid="54075861-a95a-11e5-8b40-20cf30e32f6d"
Mon, 14 Sep 2015
[ 04:10 ohauer ] Original commit   Revision:396878
396878 devel/bugzilla44/Makefile
396878 devel/bugzilla44/distinfo
396878 devel/bugzilla50/Makefile
396878 devel/bugzilla50/distinfo
396878 german/bugzilla44/Makefile
- update bugzilla ports to 5.0.1 / 4.4.10

o Users whose login name is not an email address could not log in on
  installations which use LDAP to authenticate users.
o If a mandatory custom field was hidden, it was not possible to create a
  new bug or to edit existing ones.
o A user editing his login name to point to a non-existent email address
  could cause Bugzilla to stop working, causing a denial of service.
o Emails generated during a transaction made PostgreSQL stop working.
o Bugs containing a comment with a reference to a bug ID larger than 2^31
  could not be displayed anymore using PostgreSQL.
o Emails sent by Bugzilla are now correctly encoded as UTF-8.
o The date picker in the "Time Summary" page was broken.
o If Test::Taint or any other Perl module required to use the JSON-RPC API
  was not installed or was too old, the UI to tag comments was displayed
  anyway, you could tag comments, but tags were not persistent (they were
  lost on page reload). Now the UI to tag comments is not displayed at all
  until the missing Perl modules are installed and up-to-date.
o Custom fields of type INTEGER now accept negative integers.

MFH:		2015Q3
Security:	CVE-2015-4499
Security:	ea893f06-5a92-11e5-98c0-20cf30e32f6d
Sun, 31 May 2015
[ 16:07 ohauer ] Original commit   Revision:388117
388117 devel/bugzilla44/Makefile
388117 devel/bugzilla44/Makefile.common
388117 devel/bugzilla44/Makefile.options
388117 devel/bugzilla44/distinfo
388117 devel/bugzilla44/pkg-plist
- update to 4.4.9
Tue, 27 Jan 2015
[ 21:33 ohauer ] Original commit   Revision:378023
378023 devel/bugzilla44/Makefile
378023 devel/bugzilla44/distinfo
- update to 4.4.8

Release Notes:
https://www.bugzilla.org/releases/4.4.8/release-notes.html

This releases contains the following bug fix:
 - Fixing a regression caused by bug 10902750 [1], JSON-RPC API calls could
   crash in certain cases instead of displaying the proper error message.
   (Bug 1124716) [2]

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124716

MFH:		2015Q1
Mon, 26 Jan 2015
[ 20:28 ohauer ] Original commit   Revision:377952
377952 devel/bugzilla44/Makefile
377952 devel/bugzilla44/distinfo
- update to 4.4.7
- adjust dependency

MFH:		2015Q1
Security:	dc2d76df-a595-11e4-9363-20cf30e32f6d
		CVE-2014-8630
Mon, 6 Oct 2014
[ 19:16 ohauer ] Original commit   Revision:370211
370211 devel/bugzilla44/Makefile
370211 devel/bugzilla44/distinfo
370211 devel/bugzilla44/pkg-plist
- update to bugzilla 4.4.6

Summary
=======
The following security issues have been discovered in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
  creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
  scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
  the insider group
* Specially formatted values in a CSV search results export could be
  used in spreadsheet software to attack a user's computer.

Security:	CVE-2014-1572
		CVE-2014-1571
		CVE-2014-1571
Fri, 25 Jul 2014
[ 14:15 ohauer ] Original commit   Revision:362911
362911 devel/bugzilla44/Makefile
362911 devel/bugzilla44/distinfo
362911 devel/bugzilla44/pkg-plist
- update to bugzilla44-4.4.5

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.

http://www.bugzilla.org/security/4.0.13/

MFH:		2014Q3
Security:	9defb2d6-1404-11e4-8cae-20cf30e32f6d
		CVE-2014-1546
Sun, 20 Apr 2014
[ 17:26 ohauer ] Original commit   Revision:351626
351626 devel/bugzilla40/Makefile
351626 devel/bugzilla40/distinfo
351626 devel/bugzilla42/Makefile
351626 devel/bugzilla42/distinfo
351626 devel/bugzilla44/Makefile
351626 devel/bugzilla44/distinfo
- update bugzilla to 4.4.4, 4.2.9, 4.0.13
- minor Makefile cleanup

This release fixes one regression introduced in Bugzilla by
security bug 968576: URLs in bug comments are displayed
correctly again. (Bug 998323)

Release Notes & Changes
=======================
Before installing or upgrading, you should read the Release Notes for
the new version of Bugzilla:

  4.4.4:  http://www.bugzilla.org/releases/4.4.4/release-notes.html
  4.2.9:  http://www.bugzilla.org/releases/4.2.9/release-notes.html
  4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html

MFH:		2014Q2
Fri, 18 Apr 2014
[ 18:54 ohauer ] Original commit   Revision:351558
351558 devel/bugzilla42/distinfo
351558 devel/bugzilla44/distinfo
- commit forgotten distinfo
[ 15:03 ohauer ] Original commit   Revision:351542
351542 devel/bugzilla40/Makefile
351542 devel/bugzilla40/Makefile.common
351542 devel/bugzilla40/distinfo
351542 devel/bugzilla42/Makefile
351542 devel/bugzilla42/Makefile.common
351542 devel/bugzilla42/distinfo
351542 devel/bugzilla44/Makefile
351542 devel/bugzilla44/Makefile.common
351542 devel/bugzilla44/distinfo
351542 devel/bugzilla44/pkg-plist
- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs

Security:	CVE-2014-1517
Security:	608ed765-c700-11e3-848c-20cf30e32f6d
Security:	60bfa396-c702-11e3-848c-20cf30e32f6d
Thu, 17 Oct 2013
[ 19:35 ohauer ] Original commit   Revision:330666
330666 MOVED
330666 devel/Makefile
330666 devel/bugzilla
330666 devel/bugzilla40
330666 devel/bugzilla40/Makefile
330666 devel/bugzilla40/Makefile.common
330666 devel/bugzilla40/Makefile.options
330666 devel/bugzilla40/distinfo
330666 devel/bugzilla40/pkg-plist
330666 devel/bugzilla42/Makefile

(Only the first 10 of 36 ports in this commit are shown above. View all ports for this commit)
- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Thu, 20 Jun 2013
[ 22:21 ohauer ] Original commit   Revision:321429
321429 devel/Makefile
321429 devel/bugzilla44
321429 devel/bugzilla44/Makefile
321429 devel/bugzilla44/Makefile.common
321429 devel/bugzilla44/Makefile.options
321429 devel/bugzilla44/distinfo
321429 devel/bugzilla44/pkg-plist
321429 german/Makefile
321429 german/bugzilla44
321429 german/bugzilla44/Makefile

(Only the first 10 of 16 ports in this commit are shown above. View all ports for this commit)
New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44

Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html

Number of commits found: 13

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
eogAug 22
p5-PathTools*Aug 22
p5-XSLoader*Aug 22
perl5-devel*Aug 22
perl5-devel*Aug 22
perl5-devel*Aug 22
perl5.18*Aug 22
perl5.18*Aug 22
perl5.18*Aug 22
perl5.20*Aug 22
perl5.20*Aug 22
perl5.20*Aug 22
perl5.20*Aug 22
perl5.22*Aug 22
perl5.22*Aug 22

57 vulnerabilities affecting 92 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 26176
Broken 94
Deprecated 144
Ignore 363
Forbidden 0
Restricted 199
No CDROM 83
Vulnerable 65
Expired 16
Set to expire 130
Interactive 0
new 24 hours 14
new 48 hours14
new 7 days27
new fortnight45
new month117

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.