2.22.4
Class: Cross-Site Scripting
Versions: 2.17.2 and higher
Description: When using the "Format for Printing" view of a bug (or
the "Long Format" of a bug list, which is the same thing),
there was a cross-site scripting hole--arbitrary text
from a particular URL parameter could be injected into the
page without filtering.
This commit is contained in:
adrianp
parent
0f925bb1b4
commit
81129e5118
3 changed files with 12 additions and 8 deletions
|
|
@ -1,7 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.28 2008/03/03 17:45:34 jlam Exp $
|
||||
# $NetBSD: Makefile,v 1.29 2008/05/06 19:36:39 adrianp Exp $
|
||||
#
|
||||
|
||||
DISTNAME= bugzilla-2.22.3
|
||||
DISTNAME= bugzilla-2.22.4
|
||||
CATEGORIES= www devel
|
||||
MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=webtools/}
|
||||
|
||||
|
|
@ -9,6 +9,8 @@ MAINTAINER= adrianp@NetBSD.org
|
|||
HOMEPAGE= http://www.bugzilla.org/
|
||||
COMMENT= Web based bug tracking system
|
||||
|
||||
CONFLICTS+= bugzilla-3.[0-9]*
|
||||
|
||||
DEPENDS+= p5-AppConfig>=1.52:../../devel/p5-AppConfig
|
||||
DEPENDS+= p5-CGI>=2.93:../../www/p5-CGI
|
||||
DEPENDS+= p5-DBI>=1.38:../../databases/p5-DBI
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
@comment $NetBSD: PLIST,v 1.13 2007/08/25 09:49:34 adrianp Exp $
|
||||
@comment $NetBSD: PLIST,v 1.14 2008/05/06 19:36:39 adrianp Exp $
|
||||
share/bugzilla/Bugzilla.pm
|
||||
share/bugzilla/Bugzilla/Attachment.pm
|
||||
share/bugzilla/Bugzilla/Auth.pm
|
||||
|
|
@ -70,6 +70,9 @@ share/bugzilla/config.cgi
|
|||
share/bugzilla/createaccount.cgi
|
||||
share/bugzilla/describecomponents.cgi
|
||||
share/bugzilla/describekeywords.cgi
|
||||
share/bugzilla/docs/html/keywords.html
|
||||
share/bugzilla/docs/html/sanitycheck.html
|
||||
share/bugzilla/docs/html/x767.html
|
||||
share/bugzilla/docs/html/Bugzilla-Guide.html
|
||||
share/bugzilla/docs/html/about.html
|
||||
share/bugzilla/docs/html/administration.html
|
||||
|
|
@ -156,7 +159,6 @@ share/bugzilla/docs/html/using.html
|
|||
share/bugzilla/docs/html/versions.html
|
||||
share/bugzilla/docs/html/voting.html
|
||||
share/bugzilla/docs/html/whining.html
|
||||
share/bugzilla/docs/html/x763.html
|
||||
share/bugzilla/duplicates.cgi
|
||||
share/bugzilla/duplicates.xul
|
||||
share/bugzilla/editclassifications.cgi
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
$NetBSD: distinfo,v 1.14 2007/08/25 09:49:34 adrianp Exp $
|
||||
$NetBSD: distinfo,v 1.15 2008/05/06 19:36:39 adrianp Exp $
|
||||
|
||||
SHA1 (bugzilla-2.22.3.tar.gz) = 461d1a754cdc4a9e26fc6936c48fbd7cf71fab14
|
||||
RMD160 (bugzilla-2.22.3.tar.gz) = 787f84e343297b1a8caee8310354e01f7c8cc2f8
|
||||
Size (bugzilla-2.22.3.tar.gz) = 1940974 bytes
|
||||
SHA1 (bugzilla-2.22.4.tar.gz) = 37b53606e04f00d21460f03f27c9a2dd2fda2820
|
||||
RMD160 (bugzilla-2.22.4.tar.gz) = bb5850ffcf85e08b18393569341255edfdd9d672
|
||||
Size (bugzilla-2.22.4.tar.gz) = 2114034 bytes
|
||||
SHA1 (patch-aa) = 1139740aac7497c85f274ae4153a867abe8194a2
|
||||
|
|
|
|||
Loading…
Reference in a new issue