freebsd-ports/devel/bugzilla/distinfo
Olli Hauer 1a47fe9edb - security update bugzilla
new Versions: 3.6.10, 4.0.7, 4.2.2

  4.2.2

  This release fixes two security issues. See the Security Advisory for details.

  In addition, the following important fixes/changes have been made in this release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be ignored
    when entered in the CC list of bugs. (Bug 756314)
  o Some queries could trigger an invalid SQL query if strings entered by the user
    contained leading or trailing whitespaces. (Bug 760075)
  o The auto-completion form for keywords no longer automatically selects the
    first keyword in the list when the field is empty. (Bug 764517)
  o A regression in Bugzilla 4.2 prevented classifications from being used in
    graphical and tabular reports in the "Multiple Tables" field. (Bug 753688)
  o Attachments created by the email_in.pl script were associated to the wrong
    comment. (Bug 762785)
  o Very long dependency lists can now be viewed correctly. (Bug 762783)
  o Keywords are now correctly escaped in the auto-completion form to prevent any
    XSS abuse. (Bug 754561)
  o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
    the "Un-forget the search" link to not work correctly anymore when restoring a
    deleted saved search, because this link was lacking a valid token. (Bug 768870)
  o Two minor CSRF vulnerabilities have been fixed which could let an attacker
    alter your default search criteria in the Advanced Search page. (Bugs 754672
    and 754673)

  4.0.7

  This release fixes one security issue. See the Security Advisory for details.

  In addition, the following bugs have been fixed in this release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be ignored
    when entered in the CC list of bugs. (Bug 756314)
  o Keywords are now correctly escaped in the auto-complete form to prevent any
    XSS abuse. (Bug 754561)
  o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
    the "Un-forget the search" link to not work correctly anymore when restoring a
    deleted saved search, because this link was lacking a valid token. (Bug 768870)

  3.6.10

  This release fixes one security issue. See the Security Advisory for details.
  http://www.bugzilla.org/security/3.6.9/

Approved by:	implicit skv@ (bugzilla / bugzilla3)
Security:	CVE-2012-1968
		CVE-2012-1969
		https://bugzilla.mozilla.org/show_bug.cgi?id=777398
		https://bugzilla.mozilla.org/show_bug.cgi?id=777586
		vid=58253655-d82c-11e1-907c-20cf30e32f6d
2012-07-27 21:34:04 +00:00

3 lines
155 B
Plaintext

SHA256 (bugzilla/bugzilla-4.0.7.tar.gz) = edf3de89b8e6f16bdeaab4ef6b92902f6ed621bf2fcbc64430169ecf1004cfaf
SIZE (bugzilla/bugzilla-4.0.7.tar.gz) = 2801595