non port: devel/bugzilla44/pkg-plist |
Number of commits found: 8 |
Sunday, 31 May 2015
|
16:07 ohauer
- update to 4.4.9
|
Monday, 1 Dec 2014
|
23:19 ohauer
- list empty dirs (make qa-script happy)
- if PERL_LEVEL >= 501800, then also depend on devel/p5-Module-Pluggable
Module::Pluggable from perl5.18 complains about deprecation and this way
cron job notice is no longer readable
- bump PORTREVISION
|
Monday, 27 Oct 2014
|
10:10 bapt
Cleanup plist
|
Monday, 6 Oct 2014
|
19:16 ohauer
- update to bugzilla 4.4.6
Summary
=======
The following security issues have been discovered in Bugzilla:
* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
the insider group
* Specially formatted values in a CSV search results export could be
used in spreadsheet software to attack a user's computer.
Security: CVE-2014-1572
CVE-2014-1571
CVE-2014-1571
|
Friday, 25 Jul 2014
|
14:15 ohauer
- update to bugzilla44-4.4.5
Vulnerability Details
=====================
Class: Cross Site Request Forgery
Versions: 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In: 4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
which allows remote attackers to conduct cross-site
request forgery (CSRF) attacks against Bugzilla's JSONP
endpoint, possibly obtaining sensitive bug information,
via a crafted OBJECT element with SWF content satisfying
the character-set requirements of a callback API.
http://www.bugzilla.org/security/4.0.13/
MFH: 2014Q3
Security: 9defb2d6-1404-11e4-8cae-20cf30e32f6d
CVE-2014-1546
|
Friday, 18 Apr 2014
|
15:03 ohauer
- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs
Security: CVE-2014-1517
Security: 608ed765-c700-11e3-848c-20cf30e32f6d
Security: 60bfa396-c702-11e3-848c-20cf30e32f6d
|
Thursday, 17 Oct 2013
|
19:35 ohauer
- update to latest release [1]
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user's consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user's consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is
recommended
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
|
Thursday, 20 Jun 2013
|
22:21 ohauer
New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44
Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html
|