pkgsrc-wip/bugzilla
David Brownlee 48711e5421 Update to 2.16.6
Many changes, most notable security fixes:

Class:       Information Leak
Versions:    All versions prior to 2.16.6 and 2.18rc1
Description: If Bugzilla is configured to hide entire products from some
             users, both duplicates.cgi and the form for mass-editing a
             list of bugs in buglist.cgi can disclose the names of those
             hidden products to such users.
References:  http://bugzilla.mozilla.org/show_bug.cgi?id=234825
             http://bugzilla.mozilla.org/show_bug.cgi?id=234855

Class:       Cross-site scripting vulnerability
Versions:    All versions prior to 2.16.6 and 2.18rc1
Description: Several administration CGIs echo invalid data back to the
             user without escaping it.
Reference:   http://bugzilla.mozilla.org/show_bug.cgi?id=235265

Class:       Remote SQL injection vulnerability
Versions:    All versions prior to 2.16.6 and 2.18rc1
Description: A user with privileges to grant membership to any group
             (i.e. usually an administrator) can trick editusers.cgi
             into executing arbitrary SQL.
Reference:   http://bugzilla.mozilla.org/show_bug.cgi?id=244272

	Also treat bugzilla.conf and localconfig as CONF_FILES
2004-07-14 10:49:56 +00:00
files minor fixes 2003-08-22 13:00:16 +00:00
DEINSTALL Bugzilla is one example of a class of programs called "Defect Tracking 2003-04-18 04:16:52 +00:00
DESCR Drop trailing whitespace. Ok'ed by wiz. 2003-05-06 17:46:05 +00:00
distinfo Update to 2.16.6 2004-07-14 10:49:56 +00:00
Makefile Update to 2.16.6 2004-07-14 10:49:56 +00:00
MESSAGE Added changes suggested by David Brownlee after testing on -current. 2004-04-02 13:52:14 +00:00
PLIST Update to 2.16.6 2004-07-14 10:49:56 +00:00
TODO Update to 2.16.6 2004-07-14 10:49:56 +00:00