non port: devel/bugzilla/distinfo |
Number of commits found: 53 |
Wednesday, 20 Feb 2013
|
06:16 ohauer
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786
 |
Wednesday, 14 Nov 2012
|
19:29 ohauer
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not.
* Due to incorrectly filtered field values in tabular reports, it is
possible to inject code which can lead to XSS.
* When trying to mark an attachment in a bug you cannot see as
obsolete, the description of the attachment is disclosed in the
error message.
* A vulnerability in swfstore.swf from YUI2 can lead to XSS.
Feature safe: yes
Security: CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-5475
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
 |
Saturday, 1 Sep 2012
|
20:16 ohauer
- update bugzilla bugzilla3 and bugzilla42
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
so they reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header
vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
CVE: CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
 |
Friday, 27 Jul 2012
|
21:34 ohauer
- security update bugzilla
new Versions: 3.6.10, 4.0.7, 4.2.2
4.2.2
This release fixes two security issues. See the Security Advisory for details.
In addition, the following important fixes/changes have been made in this
release:
o A regression introduced in Bugzilla 4.0 caused some login names to be
ignored when entered in the CC list of bugs. (Bug 756314)
o Some queries could trigger an invalid SQL query if strings entered by the
user contained leading or trailing whitespaces. (Bug 760075)
o The auto-completion form for keywords no longer automatically selects the
first keyword in the list when the field is empty. (Bug 764517)
o A regression in Bugzilla 4.2 prevented classifications from being used in
graphical and tabular reports in the "Multiple Tables" field. (Bug 753688)
o Attachments created by the email_in.pl script were associated to the wrong
comment. (Bug 762785)
o Very long dependency lists can now be viewed correctly. (Bug 762783)
o Keywords are now correctly escaped in the auto-completion form to prevent
any XSS abuse. (Bug 754561)
o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
the "Un-forget the search" link to not work correctly anymore when restoring
a deleted saved search, because this link was lacking a valid token.
(Bug 768870)
o Two minor CSRF vulnerabilities have been fixed which could let an attacker
alter your default search criteria in the Advanced Search page. (Bugs 754672
and 754673)
4.0.7
This release fixes one security issue. See the Security Advisory for details.
In addition, the following bugs have been fixed in this release:
o A regression introduced in Bugzilla 4.0 caused some login names to be
ignored when entered in the CC list of bugs. (Bug 756314)
o Keywords are now correctly escaped in the auto-complete form to prevent any
XSS abuse. (Bug 754561)
o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
the "Un-forget the search" link to not work correctly anymore when restoring
a deleted saved search, because this link was lacking a valid token.
(Bug 768870)
3.6.10
This release fixes one security issue. See the Security Advisory for details.
http://www.bugzilla.org/security/3.6.9/
Approved by: implicit skv@ (bugzilla / bugzilla3)
Security: CVE-2012-1968
CVE-2012-1969
https://bugzilla.mozilla.org/show_bug.cgi?id=777398
https://bugzilla.mozilla.org/show_bug.cgi?id=777586
vid=58253655-d82c-11e1-907c-20cf30e32f6d
 |
Saturday, 21 Apr 2012
|
17:37 ohauer
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466
 |
Tuesday, 10 Apr 2012
|
05:15 ohauer
- update to 4.0.5
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit)
 |
Monday, 6 Feb 2012
|
12:03 skv
Update to 4.0.4
Changes:
http://www.bugzilla.org/releases/4.0.4/release-notes.html#v40_point
Security:
http://www.vuxml.org/freebsd/309542b5-50b9-11e1-b0d8-00151735203a.html
 |
Thursday, 5 Jan 2012
|
17:25 ohauer
- update to version 3.6.7
- CVE-2011-3657
- CVE-2011-3667
Summary
=======
The following security issues have been discovered in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create
a new user account even if the active authentication method forbids
users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
lead to the creation of unwanted bug reports and attachments.
All affected installations are encouraged to upgrade as soon as possible.
Full Release Notes:
http://www.bugzilla.org/security/3.4.12/
Approved by: skv@ (explicit)
 |
Saturday, 13 Aug 2011
|
18:24 skv
Update to 4.0.2
Changes: http://www.bugzilla.org/releases/4.0.2/release-notes.html
Security:
http://www.vuxml.org/freebsd/dc8741b9-c5d5-11e0-8a8e-00151735203a.html
PR: ports/159576
Submitted by: Peter Vereshagin <peter@vereshagin.org>
 |
Monday, 18 Jul 2011
|
21:56 ohauer
- create missing (empty) directory (bugzilla) so checksetup does not fail
- use DIST_SUBDIR for bugzilla and all translations
- sort pkg-plist (genplist)
OK from bugzilla maintainers per PM.
PR: ports/158766
Submitted by: ohauer
 |
Tuesday, 7 Jun 2011
|
13:30 skv
- Copy devel/bugzilla to devel/bugzilla3; russian/bugzilla-ru to
russian/bugzilla3-ru
- Update devel/bugzilla, russian/bugzilla-ru to 4.0.1
- Update devel/bugzilla3, russian/bugzilla3-ru to 3.6.5
Changes: http://www.bugzilla.org/releases/4.0.1/release-notes.html
http://www.bugzilla.org/releases/3.6.5/release-notes.html
 |
Tuesday, 25 Jan 2011
|
15:49 skv
Update to 3.6.4
Changes: http://www.bugzilla.org/releases/3.6.4/release-notes.html
Security:
http://www.vuxml.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
Feature safe: yes
 |
Sunday, 12 Dec 2010
|
05:56 tota
- Update to 3.6.3 [1]
- Use WWWDIR instead of some other custom locations [2]
- Add Makefile.common which Makefiles in devel/bugzilla, russian/bugzilla-ru
and japanese/bugzilla include to use WWWDIR in common [2]
Changes: http://www.bugzilla.org/releases/3.6.3/release-notes.html [1]
Security: http://www.bugzilla.org/security/3.2.8/ [1]
PR: ports/151912 [1], [2]
Submitted by: ohauer [1], tota (myself) [2]
Approved by: skv
 |
Monday, 6 Sep 2010
|
07:58 skv
Update to 3.6.2
Changes: http://www.bugzilla.org/releases/3.6.2/release-notes.html
Security:
http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html
PR: ports/149721
Submitted by: ohauer
 |
Monday, 5 Jul 2010
|
16:42 skv
Update to 3.6.1
Changes: http://www.bugzilla.org/releases/3.6.1/release-notes.html
Security:
http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html
PR: ports/148149
Submitted by: olli hauer <ohauer@gmx.de>
Feature safe: yes
 |
Friday, 16 Apr 2010
|
07:15 skv
Update to 3.6
Changes: http://www.bugzilla.org/releases/3.6/release-notes.html
 |
Monday, 8 Mar 2010
|
12:26 skv
Update to 3.4.6
Changes: http://www.bugzilla.org/releases/3.4.6/release-notes.html
 |
Monday, 1 Feb 2010
|
16:53 skv
- Update to 3.4.5 [1]
- Use $SUB_FILES & $SUB_LIST to dynamically adjust pkg-message [2]
Changes: http://www.bugzilla.org/security/3.0.10/ [1]
Security:
http://www.vuxml.org/freebsd/696053c6-0f50-11df-a628-001517351c22.html
PR: ports/142446 [2]
Submitted by: Sevan Janiyan <venture37 xx geeklan.co.uk> [2]
 |
Monday, 23 Nov 2009
|
18:11 skv
Update to 3.4.4.
Changes: http://www.bugzilla.org/security/3.4.3/
Security:
http://www.vuxml.org/freebsd/92ca92c1-d859-11de-89f9-001517351c22.html
 |
Thursday, 12 Nov 2009
|
21:03 skv
Update to 3.4.3
Changes: http://www.bugzilla.org/releases/3.4.3/release-notes.html
PR: ports/140327
Submitted by: Sahil Tandon <sahil xx tandon.net>
 |
Thursday, 17 Sep 2009
|
13:30 skv
Update to 3.4.2.
Changes: http://www.bugzilla.org/security/3.0.8/
Security:
http://www.vuxml.org/freebsd/b9ec7fe3-a38a-11de-9c6b-003048818f40.html
Feature safe: yes
 |
Monday, 17 Aug 2009
|
11:05 skv
Update to 3.4.1.
Changes: http://www.bugzilla.org/security/3.4/
Security:
http://www.vuxml.org/freebsd/d67b517d-8214-11de-88ea-001a4d49522b.html
 |
Thursday, 30 Jul 2009
|
15:41 skv
Update to 3.4
Changes: http://www.bugzilla.org/releases/3.4/release-notes.html
 |
Sunday, 12 Apr 2009
|
20:39 skv
Update to 3.2.3
Changes:
http://www.bugzilla.org/releases/3.2.3/release-notes.html#v32_point
 |
Saturday, 14 Feb 2009
|
21:54 skv
Update to 3.2.2
Changes: http://www.bugzilla.org/releases/3.2.2/release-notes.html
PR: ports/131404
Submitted by: pgollucci
 |
Monday, 1 Dec 2008
|
15:38 skv
Update to 3.2
Changes: http://www.bugzilla.org/releases/3.2/release-notes.html
PR: ports/129333
Submitted by: Eygene Ryabinkin <rea-fbsd xx codelabs.ru>
 |
Friday, 7 Nov 2008
|
14:45 skv
Update to 3.0.6
Changes: http://www.bugzilla.org/releases/3.0.6/release-notes.html
 |
Friday, 15 Aug 2008
|
16:32 skv
Update to 3.0.5
Changes: http://www.bugzilla.org/releases/3.0.5/release-notes.html
Security:
http://www.vuxml.org/freebsd/1d96305d-6ae6-11dd-91d5-000c29d47fd7.html
 |
Monday, 28 Jul 2008
|
12:47 skv
Update to 3.0.4
Changes:
http://www.bugzilla.org/releases/3.0.4/release-notes.html#v30_point
 |
Thursday, 7 Feb 2008
|
09:35 skv
Update to 3.0.3
Changes:
http://www.bugzilla.org/releases/3.0.3/release-notes.html#v30_point
 |
Saturday, 22 Sep 2007
|
10:27 skv
Update to 3.0.2
PR: ports/116517
Submitted by: Nick Barkas <snb xxx threerings.net>
Changes: http://www.bugzilla.org/releases/3.0.2/release-notes.html
Security:
http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html
 |
Thursday, 30 Aug 2007
|
12:37 skv
Update to 3.0.1
Changes: http://www.bugzilla.org/releases/3.0.1/release-notes.html
 |
Sunday, 27 May 2007
|
13:16 skv
Upgrade Bugzilla to 3.0; repocopy 2.x branch to devel/bugzilla2
 |
Monday, 12 Feb 2007
|
14:23 skv
* update to 2.22.2
* remove EMAIL_GATEWAY option (it's by default now)
* add dependency on p5-Mail-Tools [1]
Changes: http://www.bugzilla.org/releases/2.22.2/release-notes.html
PR: ports/103453 [1]
Submitted by: Cezary Morga <cezarym@data.pl> [1]
 |
Wednesday, 15 Nov 2006
|
14:47 skv
Update to 2.22.1
Changes: http://www.bugzilla.org/releases/2.22.1/release-notes.html
PR: ports/105554
Submitted by: Ulrich Spoerlein <uspoerlein xxx gmail.com>
 |
Tuesday, 2 May 2006
|
13:27 skv
Update to 2.22
Changes: http://www.bugzilla.org/releases/2.22/release-notes.html
 |
Monday, 27 Feb 2006
|
14:40 skv
Update Bugzilla to 2.20.1
Approved by: portmgr (clement)
Pointed by: mnag
Security: http://vuxml.FreeBSD.org/46f7b598-a781-11da-906a-fde5cdde365e
 |
Sunday, 22 Jan 2006
|
08:30 edwin
SHA256ify
Approved by: krion@
 |
Thursday, 6 Oct 2005
|
12:41 skv
Update to 2.20
 |
Monday, 11 Jul 2005
|
14:13 skv
Update to 2.18.3, bug-fixes:
* https://bugzilla.mozilla.org/show_bug.cgi?id=293159
* https://bugzilla.mozilla.org/show_bug.cgi?id=292544
Reported by: simon
Security:
http://vuxml.freebsd.org/6e33f4ab-efed-11d9-8310-0001020eed82.html
 |
Wednesday, 8 Jun 2005
|
14:56 skv
Update to 2.18.1
PR: ports/81583
Submitted by: Choe, Cheng-Dae <whitekid at gmail.com>
 |
Monday, 24 Jan 2005
|
16:44 pav
- Update to 2.18
PR: ports/76531
Submitted by: "Choe, Cheng-Dae" <whitekid@gmail.com>
 |
Wednesday, 27 Oct 2004
|
19:23 pav
- Update to 2.16.7, a security release:
Class: Unauthorized Bug Change
Versions: 2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
message to process_bug.cgi which will remove keywords from
a bug even if you don't have permissions to edit all bug
fields (the "editbugs" permission). Such changes are
reported in "bug changed" email notifications, so they are
easily detected and reversed if someone abuses it.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=252638
- Correct SQL command in pkg-message
PR: ports/71161, ports/73166
Submitted by: Dmitry A Grigorovich <odip@bionet.nsc.ru>
 |
Saturday, 17 Jul 2004
|
05:22 edwin
[PATCH] devel/bugzilla: update to 2.16.6
- Update to 2.16.6
PR: ports/69105
Submitted by: TAKATSU Tomonari <tota@rtfm.jp>
 |
Wednesday, 30 Jun 2004
|
08:27 eik
- update devel/bugzilla to 2.16.5
- new slave port japanese/bugzilla
PR: 68318, 68319
Submitted by: TAKATSU Tomonari <tota@rtfm.jp>
 |
Thursday, 29 Jan 2004
|
07:24 trevor
SIZEify.
 |
Friday, 21 Nov 2003
|
11:36 jeh
There are several security-related problems in bugzilla 2.16.3 and earlier.
The bugzilla developer released a security advisory.
see: http://www.bugzilla.org/security/2.16.3/
PR: 58905
Submitted by: Kang Liu
 |
Monday, 12 May 2003
|
13:54 fjoe
Security update to 2.16.3.
See http://www.bugzilla.org/security/2.16.2/.
PR: 52096
 |
Monday, 24 Mar 2003
|
14:44 fjoe
Update to 2.16.2
PR: 47883
 |
Friday, 11 Oct 2002
|
14:28 phantom
Update to 2.14.4 (one more security update)
PR: ports/43883
Submitted by: Jason Li <delphij@frontfree.net>
 |
Sunday, 18 Aug 2002
|
15:33 phantom
Update to 2.14.3.
Fixes broken in 2.14.2 ability to sort bug lists on more than one field
and possible security hole with contrib/bug_email.pl and
contrib/bugzilla_email_append.pl scripts.
This is a bugfix release and the latest release from the 2.14 branch. This
update is provided for 2.14 users who would like to stay with 2.14. All new
users should wait until the port is updated to 2.16.
 |
Monday, 8 Jul 2002
|
15:03 phantom
Update to 2.14.2. This is a security update! Upgrade recommended!
PR: ports/39041
Submitted by: Paul Marquis <pmarquis@pobox.com>
 |
Monday, 1 Oct 2001
|
14:18 phantom
Add bugzilla 2.14, bug-tracking system developed by Mozilla Project
 |