non port: devel/bugzilla44/distinfo |
Number of commits found: 14 |
Saturday, 17 Feb 2018
|
09:47 ohauer
- update to 4.4.13
MFH: 2018Q1
Security: CVE-2018-5123
Security: vid: 22283b8c-13c5-11e8-a861-20cf30e32f6d
|
Tuesday, 17 May 2016
|
18:35 ohauer
- update to 4.4.12
Security: CVE-2016-2803
Security: 036d6c38-1c5b-11e6-b9e0-20cf30e32f6d
|
Wednesday, 23 Dec 2015
|
11:25 ohauer
- update to 4.4.11
This release fixes two security issues.
See the Security Advisory for details. [1]
This release also contains the following bug fix:
o mod_perl now works correctly with mod_access_compat turned off
on Apache 2.4. The (incorrect) fix implemented in Bugzilla 4.4.9
has been backed out. To regenerate the .htaccess files, you must
first delete all existing ones in subdirectories:
find . -mindepth 2 -name .htaccess -exec rm -f {} \;
You must then run checksetup.pl again to recreate them with the
correct syntax. (Bug 1223790)
[1] https://www.bugzilla.org/security/4.2.15/
MFH: 2015Q4
Security: CVE-2015-8508
CVE-2015-8509
vid="54075861-a95a-11e5-8b40-20cf30e32f6d"
|
Monday, 14 Sep 2015
|
04:10 ohauer
- update bugzilla ports to 5.0.1 / 4.4.10
o Users whose login name is not an email address could not log in on
installations which use LDAP to authenticate users.
o If a mandatory custom field was hidden, it was not possible to create a
new bug or to edit existing ones.
o A user editing his login name to point to a non-existent email address
could cause Bugzilla to stop working, causing a denial of service.
o Emails generated during a transaction made PostgreSQL stop working.
o Bugs containing a comment with a reference to a bug ID larger than 2^31
could not be displayed anymore using PostgreSQL.
o Emails sent by Bugzilla are now correctly encoded as UTF-8.
o The date picker in the "Time Summary" page was broken.
o If Test::Taint or any other Perl module required to use the JSON-RPC API
was not installed or was too old, the UI to tag comments was displayed
anyway, you could tag comments, but tags were not persistent (they were
lost on page reload). Now the UI to tag comments is not displayed at all
until the missing Perl modules are installed and up-to-date.
o Custom fields of type INTEGER now accept negative integers.
MFH: 2015Q3
Security: CVE-2015-4499
Security: ea893f06-5a92-11e5-98c0-20cf30e32f6d
|
Sunday, 31 May 2015
|
16:07 ohauer
- update to 4.4.9
|
Tuesday, 27 Jan 2015
|
21:33 ohauer
- update to 4.4.8
Release Notes:
https://www.bugzilla.org/releases/4.4.8/release-notes.html
This release contains the following bug fix:
- Fixing a regression caused by bug 10902750 [1], JSON-RPC API calls could
crash in certain cases instead of displaying the proper error message.
(Bug 1124716) [2]
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124716
MFH: 2015Q1
|
Monday, 26 Jan 2015
|
20:28 ohauer
- update to 4.4.7
- adjust dependency
MFH: 2015Q1
Security: dc2d76df-a595-11e4-9363-20cf30e32f6d
CVE-2014-8630
|
Monday, 6 Oct 2014
|
19:16 ohauer
- update to bugzilla 4.4.6
Summary
=======
The following security issues have been discovered in Bugzilla:
* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
the insider group.
* Specially formatted values in a CSV search results export could be
used in spreadsheet software to attack a user's computer.
Security: CVE-2014-1572
CVE-2014-1571
CVE-2014-1571
|
Friday, 25 Jul 2014
|
14:15 ohauer
- update to bugzilla44-4.4.5
Vulnerability Details
=====================
Class: Cross Site Request Forgery
Versions: 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In: 4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
which allows remote attackers to conduct cross-site
request forgery (CSRF) attacks against Bugzilla's JSONP
endpoint, possibly obtaining sensitive bug information,
via a crafted OBJECT element with SWF content satisfying
the character-set requirements of a callback API.
http://www.bugzilla.org/security/4.0.13/
MFH: 2014Q3
Security: 9defb2d6-1404-11e4-8cae-20cf30e32f6d
CVE-2014-1546
|
Sunday, 20 Apr 2014
|
17:26 ohauer
- update bugzilla to 4.4.4, 4.2.9, 4.0.13
- minor Makefile cleanup
This release fixes one regression introduced in Bugzilla by
security bug 968576: URLs in bug comments are displayed
correctly again. (Bug 998323)
Release Notes & Changes
=======================
Before installing or upgrading, you should read the Release Notes for
the new version of Bugzilla:
4.4.4: http://www.bugzilla.org/releases/4.4.4/release-notes.html
4.2.9: http://www.bugzilla.org/releases/4.2.9/release-notes.html
4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html
MFH: 2014Q2
|
Friday, 18 Apr 2014
|
18:54 ohauer
- commit forgotten distinfo
|
15:03 ohauer
- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs
Security: CVE-2014-1517
Security: 608ed765-c700-11e3-848c-20cf30e32f6d
Security: 60bfa396-c702-11e3-848c-20cf30e32f6d
|
Thursday, 17 Oct 2013
|
19:35 ohauer
- update to latest release [1]
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user's consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user's consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is
recommended
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
|
Thursday, 20 Jun 2013
|
22:21 ohauer
New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44
Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html
|