Commit graph

13 commits

Author SHA1 Message Date
Olli Hauer
172b0533e8 - update german bugzilla templates 2013-10-19 10:19:44 +00:00
Olli Hauer
de51be0645 - update to latest release [1]
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1] even though bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
2013-10-17 19:35:22 +00:00
Olli Hauer
c0e86f6715 - add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS
2013-09-26 19:00:40 +00:00
Baptiste Daroussin
a285ade910 Add NO_STAGE all over the place in preparation for the staging support (cat: german) 2013-09-20 18:30:00 +00:00
Olli Hauer
5a3bb3bded - update bugzilla42 to version 4.2.6 (bugfix release)
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3

The following important fixes/changes have been made in this release:
 o MySQL 5.6 is now supported. (Bug 852560)
 o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
   installing Bugzilla for the first time. (Bug 858911)
 o If a custom field depends on a product, component or classification,
   the "mandatory" bit was ignored on bug creation. (Bug 782210)
 o Queries involving flags were broken in several ways.
   These queries have been fixed. (Bug 828344)
 o Tabular reports involving the empty resolution did not link bug
   counts correctly. (Bug 212471)
 o The Bug.search WebService method was returning all visible bugs
   when called with no arguments, ignoring the max_search_results
   and search_allow_no_criteria parameters. (Bug 859118)

Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html
2013-05-23 21:49:39 +00:00
Olli Hauer
36f39b5816 - update german bugzilla templates 2013-02-21 08:48:16 +00:00
Olli Hauer
683622b34b - update german and russian bugzilla templates to official new versions
- remove hotfixes from german templates

Feature safe: yes
2012-11-16 09:03:34 +00:00
Olli Hauer
6342cae597 - fix german bugzilla templates (security fixes)
Feature safe: yes
2012-11-14 21:37:21 +00:00
Olli Hauer
f02b57b299 - update bugzilla language templates 2012-09-05 19:05:54 +00:00
Olli Hauer
3c8085b82e - update bugzilla bugzilla3 and bugzilla42
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
  so they reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header

	vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
	CVE: CVE-2012-3981
	https://bugzilla.mozilla.org/show_bug.cgi?id=785470
	https://bugzilla.mozilla.org/show_bug.cgi?id=785522
	https://bugzilla.mozilla.org/show_bug.cgi?id=785511
2012-09-01 20:16:06 +00:00
Olli Hauer
dc09050fa3 - update to official release (just published) 2012-07-29 09:58:08 +00:00
Olli Hauer
3dd9f49987 - patch language templates so they match current bugzilla.
- patch language templates so they match current bugzilla version.

  Patches are seen as workaround until official Version is released.
  Fix for bugzilla42 contains security updates.
2012-07-28 20:44:43 +00:00
Olli Hauer
863cbb267b - new port german/bugzilla42
- add patch to german/bugzilla so it reflects the security update
- adjust version number in templates (3,6,10 / 4.0.7)
2012-07-27 22:25:14 +00:00