-rw-r--r-- | devel/bugzilla/Makefile | 2 | ||||
-rw-r--r-- | devel/bugzilla/distinfo | 4 | ||||
-rw-r--r-- | devel/bugzilla3/Makefile | 2 | ||||
-rw-r--r-- | devel/bugzilla3/distinfo | 4 | ||||
-rw-r--r-- | devel/bugzilla42/Makefile | 2 | ||||
-rw-r--r-- | devel/bugzilla42/distinfo | 4 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 45 |
7 files changed, 54 insertions, 9 deletions
diff --git a/devel/bugzilla/Makefile b/devel/bugzilla/Makefile
index 509e5c40579c..65d3f15650ac 100644
--- a/devel/bugzilla/Makefile
+++ b/devel/bugzilla/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 PORTNAME= bugzilla
-PORTVERSION= 4.0.9
+PORTVERSION= 4.0.10
 CATEGORIES= devel
 MASTER_SITES= ${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR= webtools webtools/archived
diff --git a/devel/bugzilla/distinfo b/devel/bugzilla/distinfo
index 1de7f3984149..ba3c595a3602 100644
--- a/devel/bugzilla/distinfo
+++ b/devel/bugzilla/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.9.tar.gz) = af79b2f2b39f428e19122707d1334db5e447742ca6098f74803c35277117e394
-SIZE (bugzilla/bugzilla-4.0.9.tar.gz) = 2803607
+SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
+SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655
diff --git a/devel/bugzilla3/Makefile b/devel/bugzilla3/Makefile
index 62cb7bad09a7..5da1f082a047 100644
--- a/devel/bugzilla3/Makefile
+++ b/devel/bugzilla3/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 PORTNAME= bugzilla
-PORTVERSION= 3.6.12
+PORTVERSION= 3.6.13
 CATEGORIES= devel
 MASTER_SITES= ${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR= webtools webtools/archived
diff --git a/devel/bugzilla3/distinfo b/devel/bugzilla3/distinfo
index ae276a77af25..a9cc96be86a1 100644
--- a/devel/bugzilla3/distinfo
+++ b/devel/bugzilla3/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-3.6.12.tar.gz) = 1b3ebd08545b0093cd64a6f2e6c1310c7e85e691c83bd79c10960329f1bdca77
-SIZE (bugzilla/bugzilla-3.6.12.tar.gz) = 2509580
+SHA256 (bugzilla/bugzilla-3.6.13.tar.gz) = b8432180e0c8caa8993130db069b30e338f245e46d8829a2c1cee19667820f08
+SIZE (bugzilla/bugzilla-3.6.13.tar.gz) = 2509771
diff --git a/devel/bugzilla42/Makefile b/devel/bugzilla42/Makefile
index 218c075e5168..2039900c98ab 100644
--- a/devel/bugzilla42/Makefile
+++ b/devel/bugzilla42/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 PORTNAME= bugzilla
-PORTVERSION= 4.2.4
+PORTVERSION= 4.2.5
 CATEGORIES= devel
 MASTER_SITES= ${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR= webtools webtools/archived
diff --git a/devel/bugzilla42/distinfo b/devel/bugzilla42/distinfo
index 0e3200562660..6ab5b4d72dcf 100644
--- a/devel/bugzilla42/distinfo
+++ b/devel/bugzilla42/distinfo
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.2.4.tar.gz) = bede0cf893ad8ac99715614af0cf4624bc0e8552852f51290f546006105ce695
-SIZE (bugzilla/bugzilla-4.2.4.tar.gz) = 2976363
+SHA256 (bugzilla/bugzilla-4.2.5.tar.gz) = d27bfc91903ad7317751452ed8064d6e2d76094b6325fd75dc4efb56edcc96bf
+SIZE (bugzilla/bugzilla-4.2.5.tar.gz) = 2973643
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7fc6b22e08a6..8feeefb8e97e 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,51 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1c8a039b-7b23-11e2-b17b-20cf30e32f6d"> + <topic>bugzilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>bugzilla</name> + <range><ge>3.6.0</ge><lt>3.6.13</lt></range> + <range><ge>4.0.0</ge><lt>4.0.10</lt></range> + <range><ge>4.2.0</ge><lt>4.2.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>A Bugzilla Security Advisory reports:</h1> + <blockquote cite="http://www.bugzilla.org/security/3.6.12/"> + <h1>Cross-Site Scripting</h1> + <p>When viewing a single bug report, which is the default, + the bug ID is validated and rejected if it is invalid. + But when viewing several bug reports at once, which is + specified by the format=multiple parameter, invalid bug + IDs can go through and are sanitized in the HTML page + itself. But when an invalid page format is passed to the + CGI script, the wrong HTML page is called and data are not + correctly sanitized, which can lead to XSS.</p> + <h1>Information Leak</h1> + <p>When running a query in debug mode, the generated SQL + query used to collect the data is displayed. The way this + SQL query is built permits the user to determine if some + confidential field value (such as a product name) exists. + This problem only affects Bugzilla 4.0.9 and older. Newer + releases are not affected by this issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-0785</cvename> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=842038</url> + <cvename>CVE-2013-0786</cvename> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=824399</url> + </references> + <dates> + <discovery>2013-02-19</discovery> + <entry>2013-02-20</entry> + </dates> + </vuln> + <vuln vid="e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> |
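Review bot: The three `<range>` elements in the new `<vuln>` entry each carry a `<ge>` lower bound (3.6.0, 4.0.0, 4.2.0), while the quoted advisory text says the information leak affects "Bugzilla 4.0.9 and older". An installed bugzilla package older than 3.6.0, or one with a version between the listed branches, would presumably not be matched by audit tooling that reads this file. If the upstream advisory confirms that earlier releases are affected, dropping the first lower bound, `<range><lt>3.6.13</lt></range>`, would cover them. The advisory itself is only reachable through the `cite` attribute; adding `<url>http://www.bugzilla.org/security/3.6.12/</url>` under `<references>` would list the source next to the two bug links.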