de51be0645
- use PKGNAMESUFFIX instead LATEST_LINK - whitespace cleanup - svn mv */bugzilla to */bugzilla40 - add vuxml entry 4.4.1, 4.2.7, and 4.0.11 Security Advisory Wednesday Oct 16th, 2013 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only can lead to a bug being edited without the user consent. * A CSRF vulnerability in attachment.cgi can lead to an attachment being edited without the user consent. * Several unfiltered parameters when editing flagtypes can lead to XSS. * Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered field values in tabular reports can lead to XSS. All affected installations are encouraged to upgrade as soon as possible. [1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d CVE-2013-1733 CVE-2013-1734 CVE-2013-1742 CVE-2013-1743 |
||
|---|---|---|
| .. | ||
| distinfo | ||
| Makefile | ||
| pkg-descr | ||
| pkg-message | ||
| pkg-plist | ||