All times are UTC
non port: devel/bugzilla/distinfo

Number of commits found: 53

Wednesday, 20 Feb 2013
06:16 ohauer
- update bugzilla ports to latest version

  Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
  branch and the 3.6 branch, respectively. 4.0.10 contains several
  useful bug fixes and 3.6.13 contains only security fixes.

Security:	CVE-2013-0785
		CVE-2013-0786
Revision: 312611

Wednesday, 14 Nov 2012
19:29 ohauer
- bugzilla security updates to version(s)
  3.6.11, 4.0.8, 4.2.4

Summary
=======

The following security issues have been discovered in Bugzilla:

* Confidential product and component names can be disclosed to
  unauthorized users if they are used to control the visibility of
  a custom field.

* When calling the 'User.get' WebService method with a 'groups'
  argument, it is possible to check if the given group names exist
  or not.

* Due to incorrectly filtered field values in tabular reports, it is
  possible to inject code which can lead to XSS.

* When trying to mark an attachment in a bug you cannot see as
  obsolete, the description of the attachment is disclosed in the
  error message.

* A vulnerability in swfstore.swf from YUI2 can lead to XSS.

Feature safe: yes

Security:	CVE-2012-4199
		https://bugzilla.mozilla.org/show_bug.cgi?id=731178

		CVE-2012-4198
		https://bugzilla.mozilla.org/show_bug.cgi?id=781850

		CVE-2012-4189
		https://bugzilla.mozilla.org/show_bug.cgi?id=790296

		CVE-2012-4197
		https://bugzilla.mozilla.org/show_bug.cgi?id=802204

		CVE-2012-5475
		https://bugzilla.mozilla.org/show_bug.cgi?id=808845
		http://yuilibrary.com/support/20121030-vulnerability/
Revision: 307425

Saturday, 1 Sep 2012
20:16 ohauer
- update bugzilla bugzilla3 and bugzilla42
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
  so they reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header

	vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
	CVE: CVE-2012-3981
	https://bugzilla.mozilla.org/show_bug.cgi?id=785470
	https://bugzilla.mozilla.org/show_bug.cgi?id=785522
	https://bugzilla.mozilla.org/show_bug.cgi?id=785511
Revision: 303519

Friday, 27 Jul 2012
21:34 ohauer
- security update bugzilla
  new Versions: 3.6.10, 4.0.7, 4.2.2

  4.2.2

  This release fixes two security issues. See the Security Advisory for details.

  In addition, the following important fixes/changes have been made in this
  release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be
    ignored when entered in the CC list of bugs. (Bug 756314)
  o Some queries could trigger an invalid SQL query if strings entered by the
    user contained leading or trailing whitespaces. (Bug 760075)
  o The auto-completion form for keywords no longer automatically selects the
    first keyword in the list when the field is empty. (Bug 764517)
  o A regression in Bugzilla 4.2 prevented classifications from being used in
    graphical and tabular reports in the "Multiple Tables" field. (Bug 753688)
  o Attachments created by the email_in.pl script were associated to the wrong
    comment. (Bug 762785)
  o Very long dependency lists can now be viewed correctly. (Bug 762783)
  o Keywords are now correctly escaped in the auto-completion form to prevent
    any XSS abuse. (Bug 754561)
  o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
    the "Un-forget the search" link to not work correctly anymore when restoring
    a deleted saved search, because this link was lacking a valid token.
    (Bug 768870)
  o Two minor CSRF vulnerabilities have been fixed which could let an attacker
    alter your default search criteria in the Advanced Search page. (Bugs 754672
    and 754673)

  4.0.7

  This release fixes one security issue. See the Security Advisory for details.

  In addition, the following bugs have been fixed in this release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be
    ignored when entered in the CC list of bugs. (Bug 756314)
  o Keywords are now correctly escaped in the auto-complete form to prevent any
    XSS abuse. (Bug 754561)
  o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
    the "Un-forget the search" link to not work correctly anymore when restoring
    a deleted saved search, because this link was lacking a valid token.
    (Bug 768870)

  3.6.10

  This release fixes one security issue. See the Security Advisory for details.
  http://www.bugzilla.org/security/3.6.9/

Approved by:	implicit skv@ (bugzilla / bugzilla3)
Security:	CVE-2012-1968
		CVE-2012-1969
		https://bugzilla.mozilla.org/show_bug.cgi?id=777398
		https://bugzilla.mozilla.org/show_bug.cgi?id=777586
		vid=58253655-d82c-11e1-907c-20cf30e32f6d

Saturday, 21 Apr 2012
17:37 ohauer
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revisions match and no warning is displayed
- add vuxml entry

Approved by:    skv (implicit)
Security:       https://bugzilla.mozilla.org/show_bug.cgi?id=728639
                https://bugzilla.mozilla.org/show_bug.cgi?id=745397
                CVE-2012-0465
                CVE-2012-0466

Tuesday, 10 Apr 2012
05:15 ohauer
- update to 4.0.5

Vulnerability Details
=====================

Class:       Cross-Site Request Forgery
Versions:    4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In:    4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
             attribute when making POST requests to xmlrpc.cgi,
             a possible CSRF vulnerability was discovered. If a user
             visits an HTML page with some malicious HTML code in it,
             an attacker could make changes to a remote Bugzilla installation
             on behalf of the victim's account by using the XML-RPC API
             on a site running mod_perl. Sites running under mod_cgi
             are not affected. Also the user would have had to be
             already logged in to the target site for the vulnerability
             to work.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number:  CVE-2012-0453

Approved by:    skv (implicit)

Monday, 6 Feb 2012
12:03 skv
Update to 4.0.4

Changes:        http://www.bugzilla.org/releases/4.0.4/release-notes.html#v40_point
Security:       http://www.vuxml.org/freebsd/309542b5-50b9-11e1-b0d8-00151735203a.html

Thursday, 5 Jan 2012
17:25 ohauer
- update to version 3.6.7
- CVE-2011-3657
- CVE-2011-3667

Summary
=======

The following security issues have been discovered in Bugzilla:

* When viewing tabular or graphical reports as well as new charts,
  an XSS vulnerability is possible in debug mode.

* The User.offer_account_by_email WebService method lets you create
  a new user account even if the active authentication method forbids
  users to create an account.

* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
  lead to the creation of unwanted bug reports and attachments.

All affected installations are encouraged to upgrade as soon as possible.

Full Release Notes:
http://www.bugzilla.org/security/3.4.12/

Approved by:    skv@ (explicit)

Saturday, 13 Aug 2011
18:24 skv
Update to 4.0.2

Changes:        http://www.bugzilla.org/releases/4.0.2/release-notes.html
Security:       http://www.vuxml.org/freebsd/dc8741b9-c5d5-11e0-8a8e-00151735203a.html
PR:             ports/159576
Submitted by:   Peter Vereshagin <peter@vereshagin.org>

Monday, 18 Jul 2011
21:56 ohauer
- create missing (empty) directory (bugzilla) so checksetup does not fail
- use DIST_SUBDIR for bugzilla and all translations
- sort pkg-plist (genplist)

OK from bugzilla maintainers per PM.

PR:             ports/158766
Submitted by:   ohauer

Tuesday, 7 Jun 2011
13:30 skv
- Copy devel/bugzilla to devel/bugzilla3; russian/bugzilla-ru to
  russian/bugzilla3-ru
- Update devel/bugzilla, russian/bugzilla-ru to 4.0.1
- Update devel/bugzilla3, russian/bugzilla3-ru to 3.6.5

Changes:        http://www.bugzilla.org/releases/4.0.1/release-notes.html
                http://www.bugzilla.org/releases/3.6.5/release-notes.html

Tuesday, 25 Jan 2011
15:49 skv
Update to 3.6.4

Changes:        http://www.bugzilla.org/releases/3.6.4/release-notes.html
Security:       http://www.vuxml.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
Feature safe:   yes

Sunday, 12 Dec 2010
05:56 tota
- Update to 3.6.3 [1]
- Use WWWDIR instead of some other custom locations [2]
- Add Makefile.common which Makefiles in devel/bugzilla, russian/bugzilla-ru
  and japanese/bugzilla include to use WWWDIR in common [2]

Changes:        http://www.bugzilla.org/releases/3.6.3/release-notes.html [1]
Security:       http://www.bugzilla.org/security/3.2.8/ [1]
PR:     ports/151912 [1], [2]
Submitted by:   ohauer [1], tota (myself) [2]
Approved by:    skv

Monday, 6 Sep 2010
07:58 skv
Update to 3.6.2

Changes:        http://www.bugzilla.org/releases/3.6.2/release-notes.html
Security:       http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html
PR:             ports/149721
Submitted by:   ohauer

Monday, 5 Jul 2010
16:42 skv
Update to 3.6.1

Changes:        http://www.bugzilla.org/releases/3.6.1/release-notes.html
Security:       http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html
PR:             ports/148149
Submitted by:   olli hauer <ohauer@gmx.de>
Feature safe:   yes

Friday, 16 Apr 2010
07:15 skv
Update to 3.6

Changes:        http://www.bugzilla.org/releases/3.6/release-notes.html

Monday, 8 Mar 2010
12:26 skv
Update to 3.4.6

Changes:        http://www.bugzilla.org/releases/3.4.6/release-notes.html

Monday, 1 Feb 2010
16:53 skv
- Update to 3.4.5 [1]
- Use $SUB_FILES & $SUB_LIST to dynamically adjust pkg-message [2]

Changes:        http://www.bugzilla.org/security/3.0.10/ [1]
Security:       http://www.vuxml.org/freebsd/696053c6-0f50-11df-a628-001517351c22.html
PR:             ports/142446 [2]
Submitted by:   Sevan Janiyan <venture37 xx geeklan.co.uk> [2]

Monday, 23 Nov 2009
18:11 skv
Update to 3.4.4.

Changes:        http://www.bugzilla.org/security/3.4.3/
Security:       http://www.vuxml.org/freebsd/92ca92c1-d859-11de-89f9-001517351c22.html

Thursday, 12 Nov 2009
21:03 skv
Update to 3.4.3

Changes:        http://www.bugzilla.org/releases/3.4.3/release-notes.html
PR:             ports/140327
Submitted by:   Sahil Tandon <sahil xx tandon.net>

Thursday, 17 Sep 2009
13:30 skv
Update to 3.4.2.

Changes:        http://www.bugzilla.org/security/3.0.8/
Security:       http://www.vuxml.org/freebsd/b9ec7fe3-a38a-11de-9c6b-003048818f40.html
Feature safe:   yes

Monday, 17 Aug 2009
11:05 skv
Update to 3.4.1.

Changes:        http://www.bugzilla.org/security/3.4/
Security:       http://www.vuxml.org/freebsd/d67b517d-8214-11de-88ea-001a4d49522b.html

Thursday, 30 Jul 2009
15:41 skv
Update to 3.4

Changes:        http://www.bugzilla.org/releases/3.4/release-notes.html

Sunday, 12 Apr 2009
20:39 skv
Update to 3.2.3

Changes:        http://www.bugzilla.org/releases/3.2.3/release-notes.html#v32_point

Saturday, 14 Feb 2009
21:54 skv
Update to 3.2.2

Changes:        http://www.bugzilla.org/releases/3.2.2/release-notes.html
PR:             ports/131404
Submitted by:   pgollucci

Monday, 1 Dec 2008
15:38 skv
Update to 3.2

Changes:        http://www.bugzilla.org/releases/3.2/release-notes.html
PR:             ports/129333
Submitted by:   Eygene Ryabinkin <rea-fbsd xx codelabs.ru>

Friday, 7 Nov 2008
14:45 skv
Update to 3.0.6

Changes:        http://www.bugzilla.org/releases/3.0.6/release-notes.html

Friday, 15 Aug 2008
16:32 skv
Update to 3.0.5

Changes:        http://www.bugzilla.org/releases/3.0.5/release-notes.html
Security:       http://www.vuxml.org/freebsd/1d96305d-6ae6-11dd-91d5-000c29d47fd7.html

Monday, 28 Jul 2008
12:47 skv
Update to 3.0.4

Changes:        http://www.bugzilla.org/releases/3.0.4/release-notes.html#v30_point

Thursday, 7 Feb 2008
09:35 skv
Update to 3.0.3

Changes:        http://www.bugzilla.org/releases/3.0.3/release-notes.html#v30_point

Saturday, 22 Sep 2007
10:27 skv
Update to 3.0.2

PR:             ports/116517
Submitted by:   Nick Barkas <snb xxx threerings.net>
Changes:        http://www.bugzilla.org/releases/3.0.2/release-notes.html
Security:       http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html

Thursday, 30 Aug 2007
12:37 skv
Update to 3.0.1

Changes:        http://www.bugzilla.org/releases/3.0.1/release-notes.html

Sunday, 27 May 2007
13:16 skv
Upgrade Bugzilla to 3.0; repocopy 2.x branch to devel/bugzilla2

Monday, 12 Feb 2007
14:23 skv
* update to 2.22.2
* remove EMAIL_GATEWAY option (it's by default now)
* add dependency on p5-Mail-Tools [1]

Changes:        http://www.bugzilla.org/releases/2.22.2/release-notes.html
PR:             ports/103453 [1]
Submitted by:   Cezary Morga <cezarym@data.pl> [1]

Wednesday, 15 Nov 2006
14:47 skv
Update to 2.22.1

Changes:        http://www.bugzilla.org/releases/2.22.1/release-notes.html
PR:             ports/105554
Submitted by:   Ulrich Spoerlein <uspoerlein xxx gmail.com>

Tuesday, 2 May 2006
13:27 skv
Update to 2.22

Changes:        http://www.bugzilla.org/releases/2.22/release-notes.html

Monday, 27 Feb 2006
14:40 skv
Update Bugzilla to 2.20.1

Approved by:    portmgr (clement)
Pointed by:     mnag
Security:       http://vuxml.FreeBSD.org/46f7b598-a781-11da-906a-fde5cdde365e

Sunday, 22 Jan 2006
08:30 edwin
SHA256ify

Approved by:    krion@

Thursday, 6 Oct 2005
12:41 skv
Update to 2.20

Monday, 11 Jul 2005
14:13 skv
Update to 2.18.3, bug-fixes:

* https://bugzilla.mozilla.org/show_bug.cgi?id=293159
* https://bugzilla.mozilla.org/show_bug.cgi?id=292544

Reported by:    simon
Security:       http://vuxml.freebsd.org/6e33f4ab-efed-11d9-8310-0001020eed82.html

Wednesday, 8 Jun 2005
14:56 skv
Update to 2.18.1

PR:             ports/81583
Submitted by:   Choe, Cheng-Dae <whitekid at gmail.com>

Monday, 24 Jan 2005
16:44 pav
- Update to 2.18

PR:             ports/76531
Submitted by:   "Choe, Cheng-Dae" <whitekid@gmail.com>

Wednesday, 27 Oct 2004
19:23 pav
- Update to 2.16.7, a security release:

Class:       Unauthorized Bug Change
Versions:    2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
             message to process_bug.cgi which will remove keywords from
             a bug even if you don't have permissions to edit all bug
             fields (the "editbugs" permission).  Such changes are
             reported in "bug changed" email notifications, so they are
             easily detected and reversed if someone abuses it.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=252638

- Correct SQL command in pkg-message

PR:             ports/71161, ports/73166
Submitted by:   Dmitry A Grigorovich <odip@bionet.nsc.ru>

Saturday, 17 Jul 2004
05:22 edwin
[PATCH] devel/bugzilla: update to 2.16.6

    - Update to 2.16.6

PR:             ports/69105
Submitted by:   TAKATSU Tomonari <tota@rtfm.jp>

Wednesday, 30 Jun 2004
08:27 eik
- update devel/bugzilla to 2.16.5
- new slave port japanese/bugzilla

PR:             68318, 68319
Submitted by:   TAKATSU Tomonari <tota@rtfm.jp>

Thursday, 29 Jan 2004
07:24 trevor
SIZEify.

Friday, 21 Nov 2003
11:36 jeh
There are several security-related problems in bugzilla 2.16.3 and earlier.
The bugzilla developer released a security advisory.
see: http://www.bugzilla.org/security/2.16.3/

PR:             58905
Submitted by:   Kang Liu

Monday, 12 May 2003
13:54 fjoe
Security update to 2.16.3.
See http://www.bugzilla.org/security/2.16.2/.

PR:             52096

Monday, 24 Mar 2003
14:44 fjoe
Update to 2.16.2

PR:             47883

Friday, 11 Oct 2002
14:28 phantom
Update to 2.14.4 (one more security update)

PR:             ports/43883
Submitted by:   Jason Li <delphij@frontfree.net>

Sunday, 18 Aug 2002
15:33 phantom
Update to 2.14.3.

Fixes the ability, broken in 2.14.2, to sort bug lists on more than one field
and a possible security hole with the contrib/bug_email.pl and
contrib/bugzilla_email_append.pl scripts.

This is a bugfix release and the latest release from the 2.14 branch. This
update is provided for 2.14 users who would like to stay with 2.14. All new
users should wait until the port is updated to 2.16.

Monday, 8 Jul 2002
15:03 phantom
Update to 2.14.2. This is a security update! Upgrade recommended!

PR:             ports/39041
Submitted by:   Paul Marquis <pmarquis@pobox.com>

Monday, 1 Oct 2001
14:18 phantom
Add bugzilla 2.14, a bug-tracking system developed by the Mozilla Project