
ohauer@FreeBSD.org 2014-12-01T23:19:07+00:00 2906ef0f2f38d1325ac6efcbbd423e1589bdeb13
- if PERL_LEVEL >= 501800, then also depend on devel/p5-Module-Pluggable
   Module::Pluggable from perl5.18 complains about deprecation and this way
   cron job notice is no longer readable
- bump PORTREVISION
Cleanup plist 2014-10-27T10:10:58+00:00 Baptiste Daroussin bapt@FreeBSD.org e52c1f9d98293cc7561f357c085d783447947e35

- update to bugzilla 4.4.6 2014-10-06T19:16:42+00:00 Olli Hauer ohauer@FreeBSD.org 6263943c18bc8050ece761a6601cff29b4388bf8
Summary
=======
The following security issues have been discovered in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
  creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
  scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
  the insider group
* Specially formatted values in a CSV search results export could be
  used in spreadsheet software to attack a user's computer.

Security:	CVE-2014-1572
		CVE-2014-1571
		CVE-2014-1571
- update to bugzilla44-4.4.5 2014-07-25T14:15:55+00:00 Olli Hauer ohauer@FreeBSD.org 6c5dffd4fdde9c538ba0117d630c2de2b42c0ce7
Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.

http://www.bugzilla.org/security/4.0.13/

MFH:		2014Q3
Security:	9defb2d6-1404-11e4-8cae-20cf30e32f6d
		CVE-2014-1546
- update to 4.0.12, 4.2.8, 4.4.3 2014-04-18T15:03:41+00:00 Olli Hauer ohauer@FreeBSD.org b38505a4898d490f4b9995d15e5a4afac92e4ff5
- move BINMODE to Makefile.common so it is also used in the language packs

Security:	CVE-2014-1517
Security:	608ed765-c700-11e3-848c-20cf30e32f6d
Security:	60bfa396-c702-11e3-848c-20cf30e32f6d
- update to latest release [1] 2013-10-17T19:35:22+00:00 Olli Hauer ohauer@FreeBSD.org de51be064576665a3ae57b3954ef23019ca45632
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1] even bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
New ports for bugzilla44 2013-06-20T22:21:36+00:00 Olli Hauer ohauer@FreeBSD.org dba4cdc6e5bae4f122afbcc31cdf0d93cfd9d479
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44

Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html