notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
non port: devel/bugzilla3/pkg-plist

Number of commits found: 3

Saturday, 28 Jul 2012
16:25 ohauer search for other commits by this committer
- pkgng: cosmetic fix against lstat messages
Original commit
Saturday, 21 Apr 2012
17:37 ohauer search for other commits by this committer
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry

Approved by:    skv (implicit)
Security:       https://bugzilla.mozilla.org/show_bug.cgi?id=728639
                https://bugzilla.mozilla.org/show_bug.cgi?id=745397
                CVE-2012-0465
                CVE-2012-0466
Original commit
Thursday, 5 Jan 2012
17:25 ohauer search for other commits by this committer
- update to version 3.6.7
- CVE-2011-3657
- CVE-2011-3667

Summary
=======

The following security issues have been discovered in Bugzilla:

* When viewing tabular or graphical reports as well as new charts,
  an XSS vulnerability is possible in debug mode.

* The User.offer_account_by_email WebService method lets you create
  a new user account even if the active authentication method forbids
  users to create an account.

* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
  lead to the creation of unwanted bug reports and attachments.

All affected installations are encouraged to upgrade as soon as possible.

Full Release Notes:
http://www.bugzilla.org/security/3.4.12/

Approved by:    skv@ (explicit)
Original commit

Number of commits found: 3