freebsd-ports/devel/bugzilla
Olli Hauer bb7daf8882 - bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4

Summary
=======

The following security issues have been discovered in Bugzilla:

* Confidential product and component names can be disclosed to
  unauthorized users if they are used to control the visibility of
  a custom field.

* When calling the 'User.get' WebService method with a 'groups'
  argument, it is possible to check if the given group names exist
  or not.

* Due to incorrectly filtered field values in tabular reports, it is
  possible to inject code which can lead to XSS.

* When trying to mark an attachment in a bug you cannot see as
  obsolete, the description of the attachment is disclosed in the
  error message.

* A vulnerability in swfstore.swf from YUI2 can lead to XSS.

Feature safe: yes

Security:	CVE-2012-4199
		https://bugzilla.mozilla.org/show_bug.cgi?id=731178

		CVE-2012-4198
		https://bugzilla.mozilla.org/show_bug.cgi?id=781850

		CVE-2012-4189
		https://bugzilla.mozilla.org/show_bug.cgi?id=790296

		CVE-2012-4197
		https://bugzilla.mozilla.org/show_bug.cgi?id=802204

		CVE-2012-5475
		https://bugzilla.mozilla.org/show_bug.cgi?id=808845
		http://yuilibrary.com/support/20121030-vulnerability/
2012-11-14 19:29:42 +00:00
files
distinfo - bugzilla security updates to version(s) 2012-11-14 19:29:42 +00:00
Makefile - bugzilla security updates to version(s) 2012-11-14 19:29:42 +00:00
Makefile.common - Fix PORTSCOUT 2012-08-25 10:31:19 +00:00
Makefile.options
pkg-descr
pkg-plist - pkgng: cosmetic fix against lstat messages 2012-07-28 16:25:11 +00:00