FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|2b841f88-2e8d-11e2-ad21-20cf30e32f6d||bugzilla -- multiple vulnerabilities|
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
If the visibility of a custom field is controlled by a product
or a component of a product you cannot see, their names are
despite they should remain confidential.
Calling the User.get method with a 'groups' argument leaks the
existence of the groups depending on whether an error is thrown
or not. This method now also throws an error if the user calling
this method does not belong to these groups (independently of
whether the groups exist or not).
Trying to mark an attachment in a bug you cannot see as obsolete
discloses its description in the error message. The description
of the attachment is now removed from the error message.
Due to incorrectly filtered field values in tabular reports,
it is possible to inject code leading to XSS.
injection exploits to be created against domains that host this
affected YUI .swf file.
ge 3.6.0 lt 3.6.12
ge 4.0.0 lt 4.0.9
ge 4.2.0 lt 4.2.4