author | ohauer <ohauer@FreeBSD.org> | 2012-04-22 01:37:42 +0800 |
---|---|---|
committer | ohauer <ohauer@FreeBSD.org> | 2012-04-22 01:37:42 +0800 |
commit | a858d1c8735b35a0b81b2a8f339995fee9778117 (patch) | |
tree | 8aa770f5997d643918e44f16d3855005d0a00811 /security/vuxml | |
parent | 2d82fbb557fb90f0666ceb4d423e449e1b8d0291 (diff) | |
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch German templates so revisions match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a4fe0176b504..0ced112433b9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -52,6 +52,52 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="09c87973-8b9d-11e1-b393-20cf30e32f6d"> + <topic>bugzilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>bugzilla</name> + <range><ge>3.6.0</ge><lt>3.6.9</lt></range> + <range><ge>4.0.0</ge><lt>4.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>A Bugzilla Security Advisory reports:</h1> + <blockquote cite="http://www.bugzilla.org/security/3.6.8/"> + <p>The following security issues have been discovered in Bugzilla:</p> + <h1>Unauthorized Access</h1> + <p>Due to a lack of proper validation of the X-FORWARDED-FOR + header of an authentication request, an attacker could bypass + the current lockout policy used for protection against brute- + force password discovery. This vulnerability can only be + exploited if the 'inbound_proxies' parameter is set. + </p> + <h1>Cross Site Scripting</h1> + <p>A JavaScript template used by buglist.cgi could be used + by a malicious script to permit an attacker to gain access + to some information about bugs he would not normally be + allowed to see, using the victim's credentials. To be + exploitable, the victim must be logged in when visiting + the attacker's malicious page. + </p> + <p>All affected installations are encouraged to upgrade as soon as + possible.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-0465</cvename> + <cvename>CVE-2012-0466</cvename> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=728639</url> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=745397</url> + </references> + <dates> + <discovery>2012-04-18</discovery> + <entry>2012-04-21</entry> + </dates> + </vuln> + <vuln vid="67516177-88ec-11e1-9a10-0023ae8e59f0"> <topic>typo -- Cross-Site Scripting</topic> <affects> |
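Review bot: the first `<range>` under `<package>` ends the 3.6 branch at `<lt>3.6.9</lt>`, but the commit message describes the update as "bugzilla 3.0.9 and 4.0.6", so the two disagree. The `<ge>3.6.0</ge>` bound and the cited advisory path `/security/3.6.8/` both point to 3.6.9, in which case the log message is what needs correcting. Both ranges also carry a lower bound (`<ge>3.6.0</ge>` and `<ge>4.0.0</ge>`), so an installed bugzilla older than 3.6.0 never matches this entry; please check the advisory's affected-version list and drop the lower bound if older releases are affected as well. The advisory URL appears only in the `cite` attribute of the `<blockquote>`; adding it as a `<url>` in `<references>` next to the two bug links would keep the primary source with the other references.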