Commit graph

6 commits

Author SHA1 Message Date
Olli Hauer
172b0533e8 - update german bugzilla templates 2013-10-19 10:19:44 +00:00
Olli Hauer
de51be0645 - update to latest release [1]
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user's consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user's consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1] even bugzilla40 gets upstream fixes; an upgrade to bugzilla42/44 is recommended

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
2013-10-17 19:35:22 +00:00
Olli Hauer
c0e86f6715 - add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS
2013-09-26 19:00:40 +00:00
Baptiste Daroussin
a285ade910 Add NO_STAGE all over the place in preparation for the staging support (cat: german) 2013-09-20 18:30:00 +00:00
Olli Hauer
a93bfceaf7 - fix build
Thanks to tijl@
2013-07-20 16:20:27 +00:00
Olli Hauer
dba4cdc6e5 New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44

Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html
2013-06-20 22:21:36 +00:00