FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
309542b5-50b9-11e1-b0d8-00151735203abugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

  • Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user account. Such email addresses could look visually identical to other valid email addresses, and an attacker could try to confuse other users and be added to bugs he shouldn't have access to.
  • Cross-Site Request Forgery: Due to a lack of validation of the Content-Type head when making POST requests to jsonrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious JS code in it, an attacker could make changes to a remote Bugzilla installation on behalf of the victim's account by using the JSON-RPC API. The user would have had to be already logged in to the target site for the vulnerability to work.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2012-01-31
Entry 2012-02-06
bugzilla
ge 2.4.* lt 3.6.8

ge 4.0.* lt 4.0.4

CVE-2012-0448
CVE-2012-0440
https://bugzilla.mozilla.org/show_bug.cgi?id=714472
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
0c7a3ee2-3654-11e1-b404-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

  • Tabular and graphical reports, as well as new charts have a debug mode which displays raw data as plain text. This text is not correctly escaped and a crafted URL could use this vulnerability to inject code leading to XSS.
  • The User.offer_account_by_email WebService method ignores the user_can_create_account setting of the authentication method and generates an email with a token in it which the user can use to create an account. Depending on the authentication method being active, this could allow the user to log in using this account. Installations where the createemailregexp parameter is empty are not vulnerable to this issue.
  • The creation of bug reports and of attachments is not protected by a token and so they can be created without the consent of a user if the relevant code is embedded in an HTML page and the user visits this page. This behavior was intentional to let third-party applications submit new bug reports and attachments easily. But as this behavior can be abused by a malicious user, it has been decided to block submissions with no valid token starting from version 4.2rc1. Older branches are not patched to not break these third-party applications after the upgrade.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2011-11-28
Entry 2012-01-05
bugzilla
ge 2.4.* lt 3.6.7

ge 4.0.* lt 4.0.3

CVE-2011-3657
CVE-2011-3667
CVE-2011-3668
CVE-2011-3669
https://bugzilla.mozilla.org/show_bug.cgi?id=697699
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
https://bugzilla.mozilla.org/show_bug.cgi?id=703975
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
1c8a039b-7b23-11e2-b17b-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

Cross-Site Scripting

When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go through and are sanitized in the HTML page itself. But when an invalid page format is passed to the CGI script, the wrong HTML page is called and data are not correctly sanitized, which can lead to XSS.

Information Leak

When running a query in debug mode, the generated SQL query used to collect the data is displayed. The way this SQL query is built permits the user to determine if some confidential field value (such as a product name) exists. This problem only affects Bugzilla 4.0.9 and older. Newer releases are not affected by this issue.


Discovery 2013-02-19
Entry 2013-02-20
Modified 2013-03-31
bugzilla
de-bugzilla
ru-bugzilla
ja-bugzilla
ge 3.6.0 lt 3.6.13

ge 4.0.0 lt 4.0.10

ge 4.2.0 lt 4.2.5

CVE-2013-0785
https://bugzilla.mozilla.org/show_bug.cgi?id=842038
CVE-2013-0786
https://bugzilla.mozilla.org/show_bug.cgi?id=824399
6ad18fe5-f469-11e1-920d-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

LDAP Injection

When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP injection.

Directory Browsing

Extensions are not protected against directory browsing and users can access the source code of the templates which may contain sensitive data. Directory browsing is blocked in Bugzilla 4.3.3 only, because it requires a configuration change in the Apache httpd.conf file to allow local .htaccess files to use Options -Indexes. To not break existing installations, this fix has not been backported to stable branches. The access to templates is blocked for all supported branches except the old 3.6 branch, because this branch doesn't have .htaccess in the bzr repository and cannot be fixed easily for existing installations without potentially conflicting with custom changes.


Discovery 2012-08-30
Entry 2012-09-01
bugzilla
ge 3.6.0 lt 3.6.11

ge 4.0.0 lt 4.0.8

ge 4.2.0 lt 4.2.3

CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
2b841f88-2e8d-11e2-ad21-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

Information Leak

If the visibility of a custom field is controlled by a product or a component of a product you cannot see, their names are disclosed in the JavaScript code generated for this custom field despite they should remain confidential.

Calling the User.get method with a 'groups' argument leaks the existence of the groups depending on whether an error is thrown or not. This method now also throws an error if the user calling this method does not belong to these groups (independently of whether the groups exist or not).

Trying to mark an attachment in a bug you cannot see as obsolete discloses its description in the error message. The description of the attachment is now removed from the error message.

Cross-Site Scripting

Due to incorrectly filtered field values in tabular reports, it is possible to inject code leading to XSS.

A vulnerability in swfstore.swf from YUI2 allows JavaScript injection exploits to be created against domains that host this affected YUI .swf file.


Discovery 2012-11-13
Entry 2012-11-14
Modified 2012-11-27
bugzilla
ge 3.6.0 lt 3.6.12

ge 4.0.0 lt 4.0.9

ge 4.2.0 lt 4.2.4

CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-5881
CVE-2012-5882
CVE-2012-5883
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
09c87973-8b9d-11e1-b393-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

Unauthorized Access

Due to a lack of proper validation of the X-FORWARDED-FOR header of an authentication request, an attacker could bypass the current lockout policy used for protection against brute- force password discovery. This vulnerability can only be exploited if the 'inbound_proxies' parameter is set.

Cross Site Scripting

A JavaScript template used by buglist.cgi could be used by a malicious script to permit an attacker to gain access to some information about bugs he would not normally be allowed to see, using the victim's credentials. To be exploitable, the victim must be logged in when visiting the attacker's malicious page.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2012-04-18
Entry 2012-04-21
bugzilla
ge 3.6.0 lt 3.6.9

ge 4.0.0 lt 4.0.6

CVE-2012-0465
CVE-2012-0466
https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
58253655-d82c-11e1-907c-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

Information Leak

Versions: 4.1.1 to 4.2.1, 4.3.1

In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachment description if the user is allowed to see the bug or attachment. But when validating user permissions when generating the email, the permissions of the user who edited the bug were taken into account instead of the permissions of the addressee. This means that confidential information could be disclosed to the addressee if the other user has more privileges than the addressee. Plain text bugmails are not affected as bug and attachment IDs are not linkified.

Information Leak

Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1

The description of a private attachment could be visible to a user who hasn't permissions to access this attachment if the attachment ID is mentioned in a public comment in a bug that the user can see.


Discovery 2012-07-26
Entry 2012-07-27
bugzilla
ge 3.6.0 lt 3.6.10

ge 4.0.0 lt 4.0.7

ge 4.2.0 lt 4.2.2

CVE-2012-1968
CVE-2012-1969
https://bugzilla.mozilla.org/show_bug.cgi?id=777398
https://bugzilla.mozilla.org/show_bug.cgi?id=777586