Date:      Wed, 20 Feb 2013 06:16:01 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r312611 - in head: devel/bugzilla devel/bugzilla3 devel/bugzilla42 security/vuxml
Message-ID:  <201302200616.r1K6G1JW055221@svn.freebsd.org>

Author: ohauer
Date: Wed Feb 20 06:16:01 2013
New Revision: 312611
URL: http://svnweb.freebsd.org/changeset/ports/312611

Log:
  - update bugzilla ports to latest version
  
    Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
    branch and the 3.6 branch, respectively. 4.0.10 contains several
    useful bug fixes and 3.6.13 contains only security fixes.
  
  Security:	CVE-2013-0785
  		CVE-2013-0786

Modified:
  head/devel/bugzilla/Makefile
  head/devel/bugzilla/distinfo
  head/devel/bugzilla3/Makefile
  head/devel/bugzilla3/distinfo
  head/devel/bugzilla42/Makefile
  head/devel/bugzilla42/distinfo
  head/security/vuxml/vuln.xml

Modified: head/devel/bugzilla/Makefile
==============================================================================
--- head/devel/bugzilla/Makefile	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/devel/bugzilla/Makefile	Wed Feb 20 06:16:01 2013	(r312611)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bugzilla
-PORTVERSION=	4.0.9
+PORTVERSION=	4.0.10
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR=	webtools webtools/archived

Modified: head/devel/bugzilla/distinfo
==============================================================================
--- head/devel/bugzilla/distinfo	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/devel/bugzilla/distinfo	Wed Feb 20 06:16:01 2013	(r312611)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.9.tar.gz) = af79b2f2b39f428e19122707d1334db5e447742ca6098f74803c35277117e394
-SIZE (bugzilla/bugzilla-4.0.9.tar.gz) = 2803607
+SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
+SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655

Modified: head/devel/bugzilla3/Makefile
==============================================================================
--- head/devel/bugzilla3/Makefile	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/devel/bugzilla3/Makefile	Wed Feb 20 06:16:01 2013	(r312611)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bugzilla
-PORTVERSION=	3.6.12
+PORTVERSION=	3.6.13
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR=	webtools webtools/archived

Modified: head/devel/bugzilla3/distinfo
==============================================================================
--- head/devel/bugzilla3/distinfo	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/devel/bugzilla3/distinfo	Wed Feb 20 06:16:01 2013	(r312611)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-3.6.12.tar.gz) = 1b3ebd08545b0093cd64a6f2e6c1310c7e85e691c83bd79c10960329f1bdca77
-SIZE (bugzilla/bugzilla-3.6.12.tar.gz) = 2509580
+SHA256 (bugzilla/bugzilla-3.6.13.tar.gz) = b8432180e0c8caa8993130db069b30e338f245e46d8829a2c1cee19667820f08
+SIZE (bugzilla/bugzilla-3.6.13.tar.gz) = 2509771

Modified: head/devel/bugzilla42/Makefile
==============================================================================
--- head/devel/bugzilla42/Makefile	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/devel/bugzilla42/Makefile	Wed Feb 20 06:16:01 2013	(r312611)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bugzilla
-PORTVERSION=	4.2.4
+PORTVERSION=	4.2.5
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR=	webtools webtools/archived

Modified: head/devel/bugzilla42/distinfo
==============================================================================
--- head/devel/bugzilla42/distinfo	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/devel/bugzilla42/distinfo	Wed Feb 20 06:16:01 2013	(r312611)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.2.4.tar.gz) = bede0cf893ad8ac99715614af0cf4624bc0e8552852f51290f546006105ce695
-SIZE (bugzilla/bugzilla-4.2.4.tar.gz) = 2976363
+SHA256 (bugzilla/bugzilla-4.2.5.tar.gz) = d27bfc91903ad7317751452ed8064d6e2d76094b6325fd75dc4efb56edcc96bf
+SIZE (bugzilla/bugzilla-4.2.5.tar.gz) = 2973643

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Feb 20 02:24:12 2013	(r312610)
+++ head/security/vuxml/vuln.xml	Wed Feb 20 06:16:01 2013	(r312611)
@@ -51,6 +51,51 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="1c8a039b-7b23-11e2-b17b-20cf30e32f6d">
+    <topic>bugzilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>bugzilla</name>
+	<range><ge>3.6.0</ge><lt>3.6.13</lt></range>
+	<range><ge>4.0.0</ge><lt>4.0.10</lt></range>
+	<range><ge>4.2.0</ge><lt>4.2.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<h1>A Bugzilla Security Advisory reports:</h1>
+	<blockquote cite="http://www.bugzilla.org/security/3.6.12/">;
+	  <h1>Cross-Site Scripting</h1>
+	  <p>When viewing a single bug report, which is the default,
+	    the bug ID is validated and rejected if it is invalid.
+	    But when viewing several bug reports at once, which is
+	    specified by the format=multiple parameter, invalid bug
+	    IDs can go through and are sanitized in the HTML page
+	    itself. But when an invalid page format is passed to the
+	    CGI script, the wrong HTML page is called and data are not
+	    correctly sanitized, which can lead to XSS.</p>
+	  <h1>Information Leak</h1>
+	  <p>When running a query in debug mode, the generated SQL
+	    query used to collect the data is displayed. The way this
+	    SQL query is built permits the user to determine if some
+	    confidential field value (such as a product name) exists.
+	    This problem only affects Bugzilla 4.0.9 and older. Newer
+	  releases are not affected by this issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-0785</cvename>
+      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=842038</url>;
+      <cvename>CVE-2013-0786</cvename>
+      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=824399</url>;
+    </references>
+    <dates>
+      <discovery>2013-02-19</discovery>
+      <entry>2013-02-20</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02">
     <topic>mozilla -- multiple vulnerabilities</topic>
     <affects>
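Review bot: The first `<range>` in the new bugzilla entry starts at `<ge>3.6.0</ge>`, yet the quoted advisory text says the information leak affects "Bugzilla 4.0.9 and older", so an installed bugzilla below 3.6.0 would not be matched by this entry during an audit. If the upstream advisory confirms that older branches are affected, the lower bound should be dropped, `<range><lt>3.6.13</lt></range>`, and the gap between 4.0.10 and 4.2.0 is worth checking against the advisory in the same way. The `<references>` block lists only the two bug links; adding the advisory already used in the blockquote `cite`, `<url>http://www.bugzilla.org/security/3.6.12/</url>`, would give readers the authoritative list of affected versions.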


