Commit graph

12 commits

Author SHA1 Message Date
Pav Lucistnik
a6b9ddac1d - Update to 2.16.7, a security release:
Class:       Unauthorized Bug Change
Versions:    2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
	     message to process_bug.cgi which will remove keywords from
	     a bug even if you don't have permissions to edit all bug
	     fields (the "editbugs" permission).  Such changes are
	     reported in "bug changed" email notifications, so they are
	     easily detected and reversed if someone abuses it.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=252638

- Correct SQL command in pkg-message

PR:		ports/71161, ports/73166
Submitted by:	Dmitry A Grigorovich <odip@bionet.nsc.ru>
2004-10-27 19:23:53 +00:00
Edwin Groothuis
a69b025bfe [PATCH] devel/bugzilla: update to 2.16.6
- Update to 2.16.6

PR:		ports/69105
Submitted by:	TAKATSU Tomonari <tota@rtfm.jp>
2004-07-17 05:22:20 +00:00
Oliver Eikemeier
8be7372f0d - update devel/bugzilla to 2.16.5
- new slave port japanese/bugzilla

PR:		68318, 68319
Submitted by:	TAKATSU Tomonari <tota@rtfm.jp>
2004-06-30 08:27:10 +00:00
Trevor Johnson
0c881ba59c SIZEify.
2004-01-29 07:24:56 +00:00
James E. Housley
1b1d295810 There are several security related problems in bugzilla 2.16.3 and earlier.
The bugzilla developer released a security advisory.
see: http://www.bugzilla.org/security/2.16.3/

PR:		58905
Submitted by:	Kang Liu
2003-11-21 11:36:02 +00:00
Max Khon
389d9a9348 Security update to 2.16.3.
See http://www.bugzilla.org/security/2.16.2/.

PR:		52096
2003-05-12 13:54:49 +00:00
Max Khon
c3a03942b9 Update to 2.16.2
PR:		47883
2003-03-24 14:45:34 +00:00
Alexey Zelkin
4d15848cd8 Update to 2.14.4 (one more security update)
PR:		ports/43883
Submitted by:	Jason Li <delphij@frontfree.net>
2002-10-11 14:28:29 +00:00
Alexey Zelkin
3c8d362837 Update to 2.14.3.
Fixes broken in 2.14.2 ability to sort bug lists on more than one field
and possible security hole with contrib/bug_email.pl and
contrib/bugzilla_email_append.pl scripts.

This is bugfix release and latest release from 2.14 branch. This update
provided for 2.14 users who would like to stay with 2.14. All new users
should wait until port is updated to 2.16.
2002-08-18 15:33:46 +00:00
Alexey Zelkin
324d367a6b Update to 2.14.2. This is security update! Upgrade recommended!
PR:		ports/39041
Submitted by:	Paul Marquis <pmarquis@pobox.com>
2002-07-08 15:03:44 +00:00
Alexey Zelkin
9c5942db4b Update to 2.14.1 (security update). Upgrade to all users highly
recommended!

From Security Advisory for Bugzilla:

: *** SECURITY ISSUES RESOLVED ***
:
: - Multiple instances of user-account hijacking capability were fixed (Bugs
: 54901, 108385, 185516)
:
: - Two occurrences of allowing data protected by Bugzilla's groupset
: restrictions to be visible to users outside of those groups were fixed
: (Bugs 102141, 108821)
:
: - One instance of an untrusted variable being echoed back to a user via
: HTML was fixed (Bug 98146)
:
: - Multiple instances of untrusted variables being passed to SQL queries
: were fixed (Bugs 108812, 108822, 109679, 109690)
2002-01-08 11:03:19 +00:00
Alexey Zelkin
8fb5fbc340 Add bugzilla 2.14, bug-tracking system developed by Mozilla Project
2001-10-01 13:18:55 +00:00