authorohauer <ohauer@FreeBSD.org>2013-02-20 14:16:01 +0800
committerohauer <ohauer@FreeBSD.org>2013-02-20 14:16:01 +0800
commit0902213adb8ac989bd82eb0f14ffcdb9d90d907f (patch)
treeafa6df0d8b56a4fc6b1eaac5529a64ee8915ea2c
parent0faf1dc2bb8f82d8689c481d3900148fb85359c1 (diff)
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0 branch and the 3.6 branch, respectively. 4.0.10 contains several useful bug fixes and 3.6.13 contains only security fixes. Security: CVE-2013-0785 CVE-2013-0786
-rw-r--r--devel/bugzilla/Makefile2
-rw-r--r--devel/bugzilla/distinfo4
-rw-r--r--devel/bugzilla3/Makefile2
-rw-r--r--devel/bugzilla3/distinfo4
-rw-r--r--devel/bugzilla42/Makefile2
-rw-r--r--devel/bugzilla42/distinfo4
-rw-r--r--security/vuxml/vuln.xml45
7 files changed, 54 insertions, 9 deletions
diff --git a/devel/bugzilla/Makefile b/devel/bugzilla/Makefile
index 509e5c40579c..65d3f15650ac 100644
--- a/devel/bugzilla/Makefile
+++ b/devel/bugzilla/Makefile
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.0.9
+PORTVERSION= 4.0.10
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
diff --git a/devel/bugzilla/distinfo b/devel/bugzilla/distinfo
index 1de7f3984149..ba3c595a3602 100644
--- a/devel/bugzilla/distinfo
+++ b/devel/bugzilla/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.9.tar.gz) = af79b2f2b39f428e19122707d1334db5e447742ca6098f74803c35277117e394
-SIZE (bugzilla/bugzilla-4.0.9.tar.gz) = 2803607
+SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
+SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655
diff --git a/devel/bugzilla3/Makefile b/devel/bugzilla3/Makefile
index 62cb7bad09a7..5da1f082a047 100644
--- a/devel/bugzilla3/Makefile
+++ b/devel/bugzilla3/Makefile
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 3.6.12
+PORTVERSION= 3.6.13
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
diff --git a/devel/bugzilla3/distinfo b/devel/bugzilla3/distinfo
index ae276a77af25..a9cc96be86a1 100644
--- a/devel/bugzilla3/distinfo
+++ b/devel/bugzilla3/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-3.6.12.tar.gz) = 1b3ebd08545b0093cd64a6f2e6c1310c7e85e691c83bd79c10960329f1bdca77
-SIZE (bugzilla/bugzilla-3.6.12.tar.gz) = 2509580
+SHA256 (bugzilla/bugzilla-3.6.13.tar.gz) = b8432180e0c8caa8993130db069b30e338f245e46d8829a2c1cee19667820f08
+SIZE (bugzilla/bugzilla-3.6.13.tar.gz) = 2509771
diff --git a/devel/bugzilla42/Makefile b/devel/bugzilla42/Makefile
index 218c075e5168..2039900c98ab 100644
--- a/devel/bugzilla42/Makefile
+++ b/devel/bugzilla42/Makefile
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.2.4
+PORTVERSION= 4.2.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
diff --git a/devel/bugzilla42/distinfo b/devel/bugzilla42/distinfo
index 0e3200562660..6ab5b4d72dcf 100644
--- a/devel/bugzilla42/distinfo
+++ b/devel/bugzilla42/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.2.4.tar.gz) = bede0cf893ad8ac99715614af0cf4624bc0e8552852f51290f546006105ce695
-SIZE (bugzilla/bugzilla-4.2.4.tar.gz) = 2976363
+SHA256 (bugzilla/bugzilla-4.2.5.tar.gz) = d27bfc91903ad7317751452ed8064d6e2d76094b6325fd75dc4efb56edcc96bf
+SIZE (bugzilla/bugzilla-4.2.5.tar.gz) = 2973643
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7fc6b22e08a6..8feeefb8e97e 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,51 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1c8a039b-7b23-11e2-b17b-20cf30e32f6d">
+ <topic>bugzilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <range><ge>3.6.0</ge><lt>3.6.13</lt></range>
+ <range><ge>4.0.0</ge><lt>4.0.10</lt></range>
+ <range><ge>4.2.0</ge><lt>4.2.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>A Bugzilla Security Advisory reports:</h1>
+ <blockquote cite="http://www.bugzilla.org/security/3.6.12/">
+ <h1>Cross-Site Scripting</h1>
+ <p>When viewing a single bug report, which is the default,
+ the bug ID is validated and rejected if it is invalid.
+ But when viewing several bug reports at once, which is
+ specified by the format=multiple parameter, invalid bug
+ IDs can go through and are sanitized in the HTML page
+ itself. But when an invalid page format is passed to the
+ CGI script, the wrong HTML page is called and data are not
+ correctly sanitized, which can lead to XSS.</p>
+ <h1>Information Leak</h1>
+ <p>When running a query in debug mode, the generated SQL
+ query used to collect the data is displayed. The way this
+ SQL query is built permits the user to determine if some
+ confidential field value (such as a product name) exists.
+ This problem only affects Bugzilla 4.0.9 and older. Newer
+ releases are not affected by this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0785</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=842038</url>
+ <cvename>CVE-2013-0786</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=824399</url>
+ </references>
+ <dates>
+ <discovery>2013-02-19</discovery>
+ <entry>2013-02-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
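Review bot: The first `<range>` in the new bugzilla entry starts at `<ge>3.6.0</ge>`, so an installed bugzilla package older than 3.6.0 is not matched by this entry, even though the quoted advisory text says the information leak "only affects Bugzilla 4.0.9 and older" and gives no lower bound. Unless the upstream advisory explicitly excludes pre-3.6 releases, dropping the lower bound, `<range><lt>3.6.13</lt></range>`, would let vulnerability-audit tooling flag those end-of-life installs as well. The same question applies to the gaps between the three ranges (3.6.13 up to 4.0.0, and 4.0.10 up to 4.2.0) if any version in those gaps was ever packaged; this should be confirmed against the advisory's affected-version list. A short XML comment above the ranges recording why the bounds were chosen would help the next person who edits the entry.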