03efecffe1
- CVE-2011-3657 - CVE-2011-3667

Summary
=======

The following security issues have been discovered in Bugzilla:

* When viewing tabular or graphical reports as well as new charts, an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create a new user account even if the active authentication method forbids users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could lead to the creation of unwanted bug reports and attachments.

All affected installations are encouraged to upgrade as soon as possible.

Full Release Notes: http://www.bugzilla.org/security/3.4.12/

Approved by: skv@ (explicit)
2 lines
155 B
Text
SHA256 (bugzilla/bugzilla-4.0.3.tar.gz) = 0b24b5b44f9f14dd127f86bb2e560ac99e1dfba258bc0d8677968a9f3633435c
SIZE (bugzilla/bugzilla-4.0.3.tar.gz) = 2991669