cvs commit: ports/devel/bugzilla Makefile distinfo ports/german/bugzilla Makefile distinfo ports/russian/bugzilla-ru Makefile distinfo pkg-plist
olli hauer
ohauer at gmx.de
Tue Apr 10 09:25:35 UTC 2012
On 2012-04-10 10:48, Baptiste Daroussin wrote:
> would be nice to rename russian/bugzilla-ru into russian/bugzilla to avoid having
> a package named: ru-bugzilla-ru
>
> regards,
> Bapt
Hi Bapt,
this was already discussed, see thread
http://lists.freebsd.org/pipermail/cvs-ports/2011-June/218322.html
--
Regards,
olli
> On Tue, Apr 10, 2012 at 05:15:48AM +0000, Olli Hauer wrote:
>> ohauer 2012-04-10 05:15:48 UTC
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> devel/bugzilla Makefile distinfo
>> german/bugzilla Makefile distinfo
>> russian/bugzilla-ru Makefile distinfo pkg-plist
>> Log:
>> - update to 4.0.5
>>
>> Vulnerability Details
>> =====================
>>
>> Class: Cross-Site Request Forgery
>> Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
>> Fixed In: 4.0.5, 4.2
>> Description: Due to a lack of validation of the enctype form
>> attribute when making POST requests to xmlrpc.cgi,
>> a possible CSRF vulnerability was discovered. If a user
>> visits an HTML page with some malicious HTML code in it,
>> an attacker could make changes to a remote Bugzilla installation
>> on behalf of the victim's account by using the XML-RPC API
>> on a site running mod_perl. Sites running under mod_cgi
>> are not affected. Also the user would have had to be
>> already logged in to the target site for the vulnerability
>> to work.
>> References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
>> CVE Number: CVE-2012-0453
>>
>> Approved by: skv (implicit)
>>
>> Revision  Changes  Path
>> 1.92      +1 -1    ports/devel/bugzilla/Makefile
>> 1.49      +2 -2    ports/devel/bugzilla/distinfo
>> 1.6       +1 -1    ports/german/bugzilla/Makefile
>> 1.5       +2 -2    ports/german/bugzilla/distinfo
>> 1.15      +3 -2    ports/russian/bugzilla-ru/Makefile
>> 1.10      +2 -2    ports/russian/bugzilla-ru/distinfo
>> 1.7       +0 -1    ports/russian/bugzilla-ru/pkg-plist
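
The advisory quoted in the commit log above concerns xmlrpc.cgi accepting POST bodies without validating the enctype a form used. As an added example (not part of the original message and not Bugzilla's actual patch), this Python code shows a server-side Content-Type gate for an XML-RPC endpoint; the function names, the allow-list and the sample requests are assumptions made for illustration.

```python
# Added example: reject XML-RPC POSTs whose Content-Type could have been
# produced by a cross-site HTML form. All names here are hypothetical.

# An HTML <form enctype=...> can only submit with one of these media types.
FORM_ENCTYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
# Assumption: media types a legitimate XML-RPC client sends.
XMLRPC_TYPES = {"text/xml", "application/xml"}


def media_type(header_value):
    """Return the lowercased type/subtype without parameters, or None."""
    if not header_value:
        return None
    mt = header_value.split(";", 1)[0].strip().lower()
    return mt or None


def check_xmlrpc_post(method, content_type):
    """Return (allowed, reason) for a request to the XML-RPC endpoint."""
    if method.upper() != "POST":
        return False, "method"
    mt = media_type(content_type)
    if mt is None:
        return False, "missing-content-type"
    if mt in FORM_ENCTYPES:
        return False, "form-enctype"      # the case the advisory describes
    if mt not in XMLRPC_TYPES:
        return False, "unexpected-type"
    return True, "ok"


# Constructed sample requests (method, Content-Type header), not real traffic.
SAMPLE = [
    ("POST", "text/xml; charset=UTF-8"),
    ("POST", "TEXT/PLAIN"),
    ("POST", "application/x-www-form-urlencoded"),
    ("POST", "multipart/form-data; boundary=x"),
    ("POST", None),
    ("POST", "application/json"),
]


def denied(requests):
    """List (content_type, reason) for every request the gate refuses."""
    results = [(ct, check_xmlrpc_post(m, ct)) for m, ct in requests]
    return [(ct, reason) for ct, (ok, reason) in results if not ok]


if __name__ == "__main__":
    for ct, reason in denied(SAMPLE):
        print(f"deny {ct!r}: {reason}")
```

A gate like this complements, and does not replace, per-request anti-CSRF tokens on state-changing calls.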