diff options
| author | ohauer <ohauer@FreeBSD.org> | 2012-04-10 13:15:47 +0800 |
|---|---|---|
| committer | ohauer <ohauer@FreeBSD.org> | 2012-04-10 13:15:47 +0800 |
| commit | 9d0418c0d09494af0416b59c4e6a0767ce9974a1 (patch) | |
| tree | 0f5d15c362396eacf7830dc0a7a0628820b06a9f /russian | |
| parent | eae4da0e5ec89f71385f7b6b0778d857b34cd4f1 (diff) | |
| download | freebsd-ports-gnome-9d0418c0d09494af0416b59c4e6a0767ce9974a1.tar.gz freebsd-ports-gnome-9d0418c0d09494af0416b59c4e6a0767ce9974a1.tar.zst freebsd-ports-gnome-9d0418c0d09494af0416b59c4e6a0767ce9974a1.zip | |
- update to 4.0.5
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit)
Diffstat (limited to 'russian')
| -rw-r--r-- | russian/bugzilla-ru/Makefile | 5 | ||||
| -rw-r--r-- | russian/bugzilla-ru/distinfo | 4 | ||||
| -rw-r--r-- | russian/bugzilla-ru/pkg-plist | 1 |
3 files changed, 5 insertions, 5 deletions
diff --git a/russian/bugzilla-ru/Makefile b/russian/bugzilla-ru/Makefile index 3fdcf88d945e..0219405fef39 100644 --- a/russian/bugzilla-ru/Makefile +++ b/russian/bugzilla-ru/Makefile @@ -6,9 +6,10 @@ # PORTNAME= bugzilla -DISTVERSION= 4.0.2-ru-20110808 +DISTVERSION= 4.0.5-ru-20120227 CATEGORIES= russian -MASTER_SITES= http://ftp.mozilla-russia.org/bugzilla/ +MASTER_SITES= SF +MASTER_SITE_SUBDIR=bugzilla-ru/bugzilla-4.0-ru/${PORTVERSION:R:R} PKGNAMESUFFIX= -ru MAINTAINER= skv@FreeBSD.org diff --git a/russian/bugzilla-ru/distinfo b/russian/bugzilla-ru/distinfo index 8bcb8c8a2b0e..5296a6bb8127 100644 --- a/russian/bugzilla-ru/distinfo +++ b/russian/bugzilla-ru/distinfo @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.0.2-ru-20110808.tar.gz) = d66d8833c1469378477340d1e3db736ed0877a60c647504b1f134f2dbf20991f -SIZE (bugzilla/bugzilla-4.0.2-ru-20110808.tar.gz) = 335194 +SHA256 (bugzilla/bugzilla-4.0.5-ru-20120227.tar.gz) = 67f9c7e8ef581808b4c0a4edd27910492bab0c0230f68c0f30ad750ad6266700 +SIZE (bugzilla/bugzilla-4.0.5-ru-20120227.tar.gz) = 336890 diff --git a/russian/bugzilla-ru/pkg-plist b/russian/bugzilla-ru/pkg-plist index 9821aa30366b..eb5ddf0f568b 100644 --- a/russian/bugzilla-ru/pkg-plist +++ b/russian/bugzilla-ru/pkg-plist @@ -254,7 +254,6 @@ @dirrmtry %%WWWDIR%%/template/ru-RU/default/flag @dirrmtry %%WWWDIR%%/template/ru-RU/default/extensions @dirrmtry %%WWWDIR%%/template/ru-RU/default/email -@dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/votes @dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/process @dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/create @dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/activity |