kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/devel/bugzilla40/pkg-descr
Olli Hauer de51be0645 - update to latest release [1] 
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
2013-10-17 19:35:22 +00:00

22 lines
925 B
Text
Raw Blame History

Bugzilla is one example of a class of programs called "Defect Tracking
Systems", or, more commonly, "Bug-Tracking Systems". Defect Tracking
Systems allow individual or groups of developers to keep track of
outstanding bugs in their product effectively.
Bugzilla has matured immensely, and now boasts many advanced features.
These include:
* integrated, product-based granular security schema
* inter-bug dependencies and dependency graphing
* advanced reporting capabilities
* a robust, stable RDBMS back-end
* extensive configurability
* a very well-understood and well-thought-out natural bug resolution
protocol
* email, XML, console, and HTTP APIs
* available integration with automated software configuration
management systems, including Perforce and CVS (through the
Bugzilla email interface and checkin/checkout scripts)
* too many more features to list
WWW: http://www.bugzilla.org/
Reference in a new issue View git blame Copy permalink