author: ohauer <ohauer@FreeBSD.org> 2013-10-18 03:35:22 +0800
committer: ohauer <ohauer@FreeBSD.org> 2013-10-18 03:35:22 +0800
commit: ae9d631bf9fd07156209d378c1d3373f90352e13 (patch)
tree: 533dea51d71c7a52cd1c16c126c264779d421009 /security
parent: a7549f9d1499fceb2b9e7e8663ef4e8a621b420e (diff)
- update to latest release [1]
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user's consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user's consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as possible.

[1] Even though bugzilla40 gets upstream fixes, an upgrade to
    bugzilla42/44 is recommended.

Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
          CVE-2013-1733
          CVE-2013-1734
          CVE-2013-1742
          CVE-2013-1743
Diffstat (limited to 'security')
-rw-r--r--  security/vuxml/vuln.xml  61
1 files changed, 61 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index d77c9823b8e2..b4c6a578d19f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,67 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e135f0c9-375f-11e3-80b7-20cf30e32f6d">
+ <topic>bugzilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <name>bugzilla40</name>
+ <name>bugzilla42</name>
+ <name>bugzilla44</name>
+ <range><ge>4.0.0</ge><lt>4.0.11</lt></range>
+ <range><ge>4.2.0</ge><lt>4.2.7</lt></range>
+ <range><ge>4.4</ge><lt>4.4.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>A Bugzilla Security Advisory reports:</h1>
+ <blockquote cite="http://www.bugzilla.org/security/4.0.10/">
+ <h1>Cross-Site Request Forgery</h1>
+ <p>When a user submits changes to a bug right after another
+ user did, a midair collision page is displayed to inform
+ the user about changes recently made. This page contains
+ a token which can be used to validate the changes if the
+ user decides to submit his changes anyway. A regression
+ in Bugzilla 4.4 caused this token to be recreated if a
+ crafted URL was given, even when no midair collision page
+ was going to be displayed, allowing an attacker to bypass
+ the token check and abuse a user to commit changes on his
+ behalf.</p>
+ <h1>Cross-Site Request Forgery</h1>
+ <p>When an attachment is edited, a token is generated to
+ validate changes made by the user. Using a crafted URL,
+ an attacker could force the token to be recreated,
+ allowing him to bypass the token check and abuse a user
+ to commit changes on his behalf.</p>
+ <h1>Cross-Site Scripting</h1>
+ <p>Some parameters passed to editflagtypes.cgi were not
+ correctly filtered in the HTML page, which could lead
+ to XSS.</p>
+ <h1>Cross-Site Scripting</h1>
+ <p>Due to an incomplete fix for CVE-2012-4189, some
+ incorrectly filtered field values in tabular reports
+ could lead to XSS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-1733</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=911593</url>
+ <cvename>CVE-2013-1734</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=913904</url>
+ <cvename>CVE-2013-1742</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=924802</url>
+ <cvename>CVE-2013-1743</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=924932</url>
+ </references>
+ <dates>
+ <discovery>2013-10-16</discovery>
+ <entry>2013-10-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="8c9b48d1-3715-11e3-a624-00262d8b701d">
<topic>dropbear -- exposure of sensitive information, DoS</topic>
<affects>
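Review bot: the advisory URL appears only in the blockquote's cite attribute (http://www.bugzilla.org/security/4.0.10/) and is missing from <references>, so the rendered entry gives readers no clickable link to the upstream advisory; add `<url>http://www.bugzilla.org/security/4.0.10/</url>` next to the four bugzilla.mozilla.org URLs. Minor style point on the ranges: the 4.0 and 4.2 lower bounds are written with three components (`<ge>4.0.0</ge>`, `<ge>4.2.0</ge>`) while the 4.4 one is `<ge>4.4</ge>`; use `4.4.0` for consistency unless `4.4` is deliberately kept to match the port's own version string.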