From: Olli Hauer Date: Wed, 20 Feb 2013 06:16:01 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r312611 - in head: devel/bugzilla devel/bugzilla3 devel/bugzilla42 security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Feb 2013 06:16:03 -0000 Author: ohauer Date: Wed Feb 20 06:16:01 2013 New Revision: 312611 URL: http://svnweb.freebsd.org/changeset/ports/312611 Log: - update bugzilla ports to latest version Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0 branch and the 3.6 branch, respectively. 4.0.10 contains several useful bug fixes and 3.6.13 contains only security fixes. Security: CVE-2013-0785 CVE-2013-0786 Modified: head/devel/bugzilla/Makefile head/devel/bugzilla/distinfo head/devel/bugzilla3/Makefile head/devel/bugzilla3/distinfo head/devel/bugzilla42/Makefile head/devel/bugzilla42/distinfo head/security/vuxml/vuln.xml Modified: head/devel/bugzilla/Makefile ============================================================================== --- head/devel/bugzilla/Makefile Wed Feb 20 02:24:12 2013 (r312610) +++ head/devel/bugzilla/Makefile Wed Feb 20 06:16:01 2013 (r312611) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.0.9 +PORTVERSION= 4.0.10 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived Modified: head/devel/bugzilla/distinfo ============================================================================== --- head/devel/bugzilla/distinfo Wed Feb 20 02:24:12 2013 (r312610) +++ head/devel/bugzilla/distinfo Wed Feb 20 06:16:01 2013 (r312611) 
@@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.0.9.tar.gz) = af79b2f2b39f428e19122707d1334db5e447742ca6098f74803c35277117e394 -SIZE (bugzilla/bugzilla-4.0.9.tar.gz) = 2803607 +SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2 +SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655 Modified: head/devel/bugzilla3/Makefile ============================================================================== --- head/devel/bugzilla3/Makefile Wed Feb 20 02:24:12 2013 (r312610) +++ head/devel/bugzilla3/Makefile Wed Feb 20 06:16:01 2013 (r312611) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 3.6.12 +PORTVERSION= 3.6.13 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived Modified: head/devel/bugzilla3/distinfo ============================================================================== --- head/devel/bugzilla3/distinfo Wed Feb 20 02:24:12 2013 (r312610) +++ head/devel/bugzilla3/distinfo Wed Feb 20 06:16:01 2013 (r312611) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-3.6.12.tar.gz) = 1b3ebd08545b0093cd64a6f2e6c1310c7e85e691c83bd79c10960329f1bdca77 -SIZE (bugzilla/bugzilla-3.6.12.tar.gz) = 2509580 +SHA256 (bugzilla/bugzilla-3.6.13.tar.gz) = b8432180e0c8caa8993130db069b30e338f245e46d8829a2c1cee19667820f08 +SIZE (bugzilla/bugzilla-3.6.13.tar.gz) = 2509771 Modified: head/devel/bugzilla42/Makefile ============================================================================== --- head/devel/bugzilla42/Makefile Wed Feb 20 02:24:12 2013 (r312610) +++ head/devel/bugzilla42/Makefile Wed Feb 20 06:16:01 2013 (r312611) 
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.2.4 +PORTVERSION= 4.2.5 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived Modified: head/devel/bugzilla42/distinfo ============================================================================== --- head/devel/bugzilla42/distinfo Wed Feb 20 02:24:12 2013 (r312610) +++ head/devel/bugzilla42/distinfo Wed Feb 20 06:16:01 2013 (r312611) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.2.4.tar.gz) = bede0cf893ad8ac99715614af0cf4624bc0e8552852f51290f546006105ce695 -SIZE (bugzilla/bugzilla-4.2.4.tar.gz) = 2976363 +SHA256 (bugzilla/bugzilla-4.2.5.tar.gz) = d27bfc91903ad7317751452ed8064d6e2d76094b6325fd75dc4efb56edcc96bf +SIZE (bugzilla/bugzilla-4.2.5.tar.gz) = 2973643 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Feb 20 02:24:12 2013 (r312610) +++ head/security/vuxml/vuln.xml Wed Feb 20 06:16:01 2013 (r312611) @@ -51,6 +51,51 @@ Note: Please add new entries to the beg --> + + bugzilla -- multiple vulnerabilities + + + bugzilla + 3.6.03.6.13 + 4.0.04.0.10 + 4.2.04.2.5 + + + + +

A Bugzilla Security Advisory reports:

+
+

Cross-Site Scripting

+

When viewing a single bug report, which is the default, + the bug ID is validated and rejected if it is invalid. + But when viewing several bug reports at once, which is + specified by the format=multiple parameter, invalid bug + IDs can go through and are sanitized in the HTML page + itself. But when an invalid page format is passed to the + CGI script, the wrong HTML page is called and data are not + correctly sanitized, which can lead to XSS.

+

Information Leak

+

When running a query in debug mode, the generated SQL + query used to collect the data is displayed. The way this + SQL query is built permits the user to determine if some + confidential field value (such as a product name) exists. + This problem only affects Bugzilla 4.0.9 and older. Newer + releases are not affected by this issue.

+
+ +
+ + CVE-2013-0785 + https://bugzilla.mozilla.org/show_bug.cgi?id=842038 + CVE-2013-0786 + https://bugzilla.mozilla.org/show_bug.cgi?id=824399 + + + 2013-02-19 + 2013-02-20 + +
+ mozilla -- multiple vulnerabilities
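Review bot: The log message names only 4.0.10 and 3.6.13, but the devel/bugzilla42 Makefile and distinfo hunks also move that port from 4.2.4 to 4.2.5, and the vuln.xml entry uses 4.2.5 as the upper bound for the 4.2 branch. Mention the 4.2.5 update in the log so that someone searching the history for the 4.2 security fix finds this revision.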
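Review bot: In the vuln.xml hunk, one entry carries version ranges for all three branches (they read as 3.6.0 up to 3.6.13, 4.0.0 up to 4.0.10 and 4.2.0 up to 4.2.5) together with both CVE-2013-0785 and CVE-2013-0786, while the quoted advisory text says the information leak "only affects Bugzilla 4.0.9 and older". As written, a 4.2.x install below 4.2.5 is matched against both CVE references. Consider splitting this into two entries so the 4.2 range is attached only to the cross-site scripting issue, or confirm that relying on the sentence in the description is intended.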