cvs commit: ports/devel/bugzilla Makefile distinfo ports/german/bugzilla Makefile distinfo ports/russian/bugzilla-ru Makefile distinfo pkg-plist

Baptiste Daroussin bapt at FreeBSD.org
Tue Apr 10 08:48:05 UTC 2012


would be nice to rename russian/bugzilla-ru into russian/bugzilla to avoid having
a package named: ru-bugzilla-ru

regards,
Bapt
On Tue, Apr 10, 2012 at 05:15:48AM +0000, Olli Hauer wrote:
> ohauer      2012-04-10 05:15:48 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     devel/bugzilla       Makefile distinfo 
>     german/bugzilla      Makefile distinfo 
>     russian/bugzilla-ru  Makefile distinfo pkg-plist 
>   Log:
>   - update to 4.0.5
>   
>   Vulnerability Details
>   =====================
>   
>   Class:       Cross-Site Request Forgery
>   Versions:    4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
>   Fixed In:    4.0.5, 4.2
>   Description: Due to a lack of validation of the enctype form
>                attribute when making POST requests to xmlrpc.cgi,
>                a possible CSRF vulnerability was discovered. If a user
>                visits an HTML page with some malicious HTML code in it,
>                an attacker could make changes to a remote Bugzilla installation
>                on behalf of the victim's account by using the XML-RPC API
>                on a site running mod_perl. Sites running under mod_cgi
>                are not affected. Also the user would have had to be
>                already logged in to the target site for the vulnerability
>                to work.
>   References:  https://bugzilla.mozilla.org/show_bug.cgi?id=725663
>   CVE Number:  CVE-2012-0453
>   
>   Approved by:    skv (implicit)
>   
>   Revision  Changes    Path
>   1.92      +1 -1      ports/devel/bugzilla/Makefile
>   1.49      +2 -2      ports/devel/bugzilla/distinfo
>   1.6       +1 -1      ports/german/bugzilla/Makefile
>   1.5       +2 -2      ports/german/bugzilla/distinfo
>   1.15      +3 -2      ports/russian/bugzilla-ru/Makefile
>   1.10      +2 -2      ports/russian/bugzilla-ru/distinfo
>   1.7       +0 -1      ports/russian/bugzilla-ru/pkg-plist
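
The advisory quoted above attributes the CSRF to xmlrpc.cgi not validating the form enctype on POST requests. The following is an added example, not part of the original message and not Bugzilla's actual patch, showing a server-side Content-Type gate for an XML-RPC endpoint. It is written in Python rather than Bugzilla's Perl, and every function and constant name is hypothetical.

```python
# Added illustration only; names are hypothetical, not Bugzilla identifiers.

# Media types a genuine XML-RPC client sends.
XMLRPC_TYPES = {"text/xml", "application/xml"}

# The only enctype values an HTML <form> can produce. A browser will send
# these cross-site with the victim's session cookie attached, so a body
# carrying one of them must never reach the XML-RPC parser.
FORM_ENCTYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def media_type(header):
    """Lowercased media type without parameters; '' if the header is absent."""
    return (header or "").split(";", 1)[0].strip().lower()


def check_xmlrpc_request(method, content_type):
    """Return (status, reason) for a request aimed at the XML-RPC endpoint."""
    if method != "POST":
        return 405, "XML-RPC calls must use POST"
    mtype = media_type(content_type)
    if mtype in XMLRPC_TYPES:
        return 200, "ok"
    if mtype in FORM_ENCTYPES:
        return 415, "form enctype rejected: " + mtype
    return 415, "unsupported or missing Content-Type"


# Constructed sample requests: (method, Content-Type header).
SAMPLES = [
    ("POST", "text/xml; charset=UTF-8"),                 # XML-RPC client
    ("POST", "text/plain"),                              # <form enctype="text/plain">
    ("POST", "multipart/form-data; boundary=----x"),     # file-upload form
    ("POST", None),                                      # header missing
]

if __name__ == "__main__":
    for method, ctype in SAMPLES:
        print(method, repr(ctype), "->", check_xmlrpc_request(method, ctype))
```

The check is an allow-list: anything that is not an XML media type is refused, so a missing or unknown Content-Type fails closed just like a form enctype does.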