svn commit: r312611 - in head: devel/bugzilla devel/bugzilla3 devel/bugzilla42 security/vuxml
Olli Hauer
ohauer at FreeBSD.org
Wed Feb 20 06:16:03 UTC 2013
Author: ohauer
Date: Wed Feb 20 06:16:01 2013
New Revision: 312611
URL: http://svnweb.freebsd.org/changeset/ports/312611
Log:
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786
Modified:
head/devel/bugzilla/Makefile
head/devel/bugzilla/distinfo
head/devel/bugzilla3/Makefile
head/devel/bugzilla3/distinfo
head/devel/bugzilla42/Makefile
head/devel/bugzilla42/distinfo
head/security/vuxml/vuln.xml
Modified: head/devel/bugzilla/Makefile
==============================================================================
--- head/devel/bugzilla/Makefile Wed Feb 20 02:24:12 2013 (r312610)
+++ head/devel/bugzilla/Makefile Wed Feb 20 06:16:01 2013 (r312611)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.0.9
+PORTVERSION= 4.0.10
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
Modified: head/devel/bugzilla/distinfo
==============================================================================
--- head/devel/bugzilla/distinfo Wed Feb 20 02:24:12 2013 (r312610)
+++ head/devel/bugzilla/distinfo Wed Feb 20 06:16:01 2013 (r312611)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.9.tar.gz) = af79b2f2b39f428e19122707d1334db5e447742ca6098f74803c35277117e394
-SIZE (bugzilla/bugzilla-4.0.9.tar.gz) = 2803607
+SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
+SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655
Modified: head/devel/bugzilla3/Makefile
==============================================================================
--- head/devel/bugzilla3/Makefile Wed Feb 20 02:24:12 2013 (r312610)
+++ head/devel/bugzilla3/Makefile Wed Feb 20 06:16:01 2013 (r312611)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 3.6.12
+PORTVERSION= 3.6.13
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
Modified: head/devel/bugzilla3/distinfo
==============================================================================
--- head/devel/bugzilla3/distinfo Wed Feb 20 02:24:12 2013 (r312610)
+++ head/devel/bugzilla3/distinfo Wed Feb 20 06:16:01 2013 (r312611)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-3.6.12.tar.gz) = 1b3ebd08545b0093cd64a6f2e6c1310c7e85e691c83bd79c10960329f1bdca77
-SIZE (bugzilla/bugzilla-3.6.12.tar.gz) = 2509580
+SHA256 (bugzilla/bugzilla-3.6.13.tar.gz) = b8432180e0c8caa8993130db069b30e338f245e46d8829a2c1cee19667820f08
+SIZE (bugzilla/bugzilla-3.6.13.tar.gz) = 2509771
Modified: head/devel/bugzilla42/Makefile
==============================================================================
--- head/devel/bugzilla42/Makefile Wed Feb 20 02:24:12 2013 (r312610)
+++ head/devel/bugzilla42/Makefile Wed Feb 20 06:16:01 2013 (r312611)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.2.4
+PORTVERSION= 4.2.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
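Review bot: the PORTVERSION bump to 4.2.5 on the `+` line is not covered by the commit log, which names only 4.0.10 and 3.6.13 as the security updates. The vuln.xml entry in the same commit treats 4.2.5 as the fixed version for the 4.2 branch (`<lt>4.2.5</lt>`), so the log should say so too; otherwise anyone reading the log alone would not know that devel/bugzilla42 received a security fix.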
Modified: head/devel/bugzilla42/distinfo
==============================================================================
--- head/devel/bugzilla42/distinfo Wed Feb 20 02:24:12 2013 (r312610)
+++ head/devel/bugzilla42/distinfo Wed Feb 20 06:16:01 2013 (r312611)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.2.4.tar.gz) = bede0cf893ad8ac99715614af0cf4624bc0e8552852f51290f546006105ce695
-SIZE (bugzilla/bugzilla-4.2.4.tar.gz) = 2976363
+SHA256 (bugzilla/bugzilla-4.2.5.tar.gz) = d27bfc91903ad7317751452ed8064d6e2d76094b6325fd75dc4efb56edcc96bf
+SIZE (bugzilla/bugzilla-4.2.5.tar.gz) = 2973643
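Review bot: the new SIZE on the `+` line (2973643) is 2720 bytes smaller than the 4.2.4 tarball it replaces (2976363). That can be legitimate for a point release, but nothing in the hunk ties the new SHA256 to an upstream-published value, so please confirm the checksum against a tarball fetched directly from the upstream site rather than a mirror before relying on it.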
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Feb 20 02:24:12 2013 (r312610)
+++ head/security/vuxml/vuln.xml Wed Feb 20 06:16:01 2013 (r312611)
@@ -51,6 +51,51 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1c8a039b-7b23-11e2-b17b-20cf30e32f6d">
+ <topic>bugzilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <range><ge>3.6.0</ge><lt>3.6.13</lt></range>
+ <range><ge>4.0.0</ge><lt>4.0.10</lt></range>
+ <range><ge>4.2.0</ge><lt>4.2.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>A Bugzilla Security Advisory reports:</h1>
+ <blockquote cite="http://www.bugzilla.org/security/3.6.12/">
+ <h1>Cross-Site Scripting</h1>
+ <p>When viewing a single bug report, which is the default,
+ the bug ID is validated and rejected if it is invalid.
+ But when viewing several bug reports at once, which is
+ specified by the format=multiple parameter, invalid bug
+ IDs can go through and are sanitized in the HTML page
+ itself. But when an invalid page format is passed to the
+ CGI script, the wrong HTML page is called and data are not
+ correctly sanitized, which can lead to XSS.</p>
+ <h1>Information Leak</h1>
+ <p>When running a query in debug mode, the generated SQL
+ query used to collect the data is displayed. The way this
+ SQL query is built permits the user to determine if some
+ confidential field value (such as a product name) exists.
+ This problem only affects Bugzilla 4.0.9 and older. Newer
+ releases are not affected by this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0785</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=842038</url>
+ <cvename>CVE-2013-0786</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=824399</url>
+ </references>
+ <dates>
+ <discovery>2013-02-19</discovery>
+ <entry>2013-02-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
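Review bot: the `<references>` block lists the two CVE names and the two bugzilla.mozilla.org bug URLs but not the advisory itself, which appears only as the `cite` attribute of the blockquote (http://www.bugzilla.org/security/3.6.12/). Adding it as a `<url>` element would let readers of the entry reach the quoted source. As a style point, the attribution line "A Bugzilla Security Advisory reports:" is marked up as `<h1>`, the same level as the "Cross-Site Scripting" and "Information Leak" headings inside the blockquote; a `<p>` would keep the attribution distinct from the quoted headings. It may also be worth a word in the entry that, per the quoted text, the information leak applies only to 4.0.9 and older, since the single `<affects>` block also covers 4.2.x.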