| Commit message | Author | Age | Files | Lines |
| |
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
| |
- remove bugzilla3 CONFLICTS
| |
german)
| |
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3
The following important fixes/changes have been made in this release:
o MySQL 5.6 is now supported. (Bug 852560)
o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
installing Bugzilla for the first time. (Bug 858911)
o If a custom field depends on a product, component or classification,
the "mandatory" bit was ignored on bug creation. (Bug 782210)
o Queries involving flags were broken in several ways.
These queries have been fixed. (Bug 828344)
o Tabular reports involving the empty resolution did not link bug
counts correctly. (Bug 212471)
o The Bug.search WebService method was returning all visible bugs
when called with no arguments, ignoring the max_search_results
and search_allow_no_criteria parameters. (Bug 859118)
Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html
| |
- remove hotfixes from german templates
Feature safe: yes
| |
Feature safe: yes
| |
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
so they reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header
vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
CVE: CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
| |
- patch language templates so they match current bugzilla version.
Patches are seen as a workaround until the official version is released.
Fix for bugzilla42 contains security updates.
|
- add patch to german/bugzilla so it reflects the security update
- adjust version number in templates (3,6,10 / 4.0.7)