| Commit message | Author | Age | Files | Lines |
Notes:
svn path=/head/; revision=325632
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786
Notes:
svn path=/head/; revision=312611
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not.
* Due to incorrectly filtered field values in tabular reports, it is
possible to inject code which can lead to XSS.
* When trying to mark an attachment in a bug you cannot see as
obsolete, the description of the attachment is disclosed in the
error message.
* A vulnerability in swfstore.swf from YUI2 can lead to XSS.
Feature safe: yes
Security: CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-5475
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
Notes:
svn path=/head/; revision=307425
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
so they reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header
vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
CVE: CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
Notes:
svn path=/head/; revision=303519
new Versions: 3.6.10, 4.0.7, 4.2.2
4.2.2
This release fixes two security issues. See the Security Advisory for details.
In addition, the following important fixes/changes have been made in this release:
o A regression introduced in Bugzilla 4.0 caused some login names to be ignored
when entered in the CC list of bugs. (Bug 756314)
o Some queries could trigger an invalid SQL query if strings entered by the user
contained leading or trailing whitespaces. (Bug 760075)
o The auto-completion form for keywords no longer automatically selects the
first keyword in the list when the field is empty. (Bug 764517)
o A regression in Bugzilla 4.2 prevented classifications from being used in
graphical and tabular reports in the "Multiple Tables" field. (Bug 753688)
o Attachments created by the email_in.pl script were associated to the wrong
comment. (Bug 762785)
o Very long dependency lists can now be viewed correctly. (Bug 762783)
o Keywords are now correctly escaped in the auto-completion form to prevent any
XSS abuse. (Bug 754561)
o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
the "Un-forget the search" link to not work correctly anymore when restoring a
deleted saved search, because this link was lacking a valid token. (Bug 768870)
o Two minor CSRF vulnerabilities have been fixed which could let an attacker
alter your default search criteria in the Advanced Search page. (Bugs 754672
and 754673)
4.0.7
This release fixes one security issue. See the Security Advisory for details.
In addition, the following bugs have been fixed in this release:
o A regression introduced in Bugzilla 4.0 caused some login names to be ignored
when entered in the CC list of bugs. (Bug 756314)
o Keywords are now correctly escaped in the auto-complete form to prevent any
XSS abuse. (Bug 754561)
o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
the "Un-forget the search" link to not work correctly anymore when restoring a
deleted saved search, because this link was lacking a valid token. (Bug 768870)
3.6.10
This release fixes one security issue. See the Security Advisory for details.
http://www.bugzilla.org/security/3.6.9/
Approved by: implicit skv@ (bugzilla / bugzilla3)
Security: CVE-2012-1968
CVE-2012-1969
https://bugzilla.mozilla.org/show_bug.cgi?id=777398
https://bugzilla.mozilla.org/show_bug.cgi?id=777586
vid=58253655-d82c-11e1-907c-20cf30e32f6d
Notes:
svn path=/head/; revision=301625
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466
Notes:
svn path=/head/; revision=295200
Changes: http://www.bugzilla.org/releases/3.6.8/release-notes.html#v36_point
Security: http://www.vuxml.org/freebsd/309542b5-50b9-11e1-b0d8-00151735203a.html
Notes:
svn path=/head/; revision=290487
- CVE-2011-3657
- CVE-2011-3667
Summary
=======
The following security issues have been discovered in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create
a new user account even if the active authentication method forbids
users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
lead to the creation of unwanted bug reports and attachments.
All affected installations are encouraged to upgrade as soon as possible.
Full Release Notes:
http://www.bugzilla.org/security/3.4.12/
Approved by: skv@ (explicit)
Notes:
svn path=/head/; revision=288552
Changes: http://www.bugzilla.org/releases/3.6.6/release-notes.html
Security: http://www.vuxml.org/freebsd/dc8741b9-c5d5-11e0-8a8e-00151735203a.html
Notes:
svn path=/head/; revision=279621
- use DIST_SUBDIR for bugzilla and all translations
- sort pkg-plist (genplist)
OK from bugzilla maintainers per PM.
PR: ports/158766
Submitted by: ohauer
Notes:
svn path=/head/; revision=277919
russian/bugzilla3-ru
- Update devel/bugzilla, russian/bugzilla-ru to 4.0.1
- Update devel/bugzilla3, russian/bugzilla3-ru to 3.6.5
Changes: http://www.bugzilla.org/releases/4.0.1/release-notes.html
http://www.bugzilla.org/releases/3.6.5/release-notes.html
Notes:
svn path=/head/; revision=275189
Changes: http://www.bugzilla.org/releases/3.6.4/release-notes.html
Security: http://www.vuxml.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
Feature safe: yes
Notes:
svn path=/head/; revision=268222
- Use WWWDIR instead of some other custom locations [2]
- Add Makefile.common which Makefiles in devel/bugzilla, russian/bugzilla-ru
and japanese/bugzilla include to use WWWDIR in common [2]
Changes: http://www.bugzilla.org/releases/3.6.3/release-notes.html [1]
Security: http://www.bugzilla.org/security/3.2.8/ [1]
PR: ports/151912 [1], [2]
Submitted by: ohauer [1], tota (myself) [2]
Approved by: skv
Notes:
svn path=/head/; revision=266108
Changes: http://www.bugzilla.org/releases/3.6.2/release-notes.html
Security: http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html
PR: ports/149721
Submitted by: ohauer
Notes:
svn path=/head/; revision=260628
Changes: http://www.bugzilla.org/releases/3.6.1/release-notes.html
Security: http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html
PR: ports/148149
Submitted by: olli hauer <ohauer@gmx.de>
Feature safe: yes
Notes:
svn path=/head/; revision=257409
Changes: http://www.bugzilla.org/releases/3.6/release-notes.html
Notes:
svn path=/head/; revision=252754
Changes: http://www.bugzilla.org/releases/3.4.6/release-notes.html
Notes:
svn path=/head/; revision=250694
- Use $SUB_FILES & $SUB_LIST to dynamically adjust pkg-message [2]
Changes: http://www.bugzilla.org/security/3.0.10/ [1]
Security: http://www.vuxml.org/freebsd/696053c6-0f50-11df-a628-001517351c22.html
PR: ports/142446 [2]
Submitted by: Sevan Janiyan <venture37 xx geeklan.co.uk> [2]
Notes:
svn path=/head/; revision=249036
Changes: http://www.bugzilla.org/security/3.4.3/
Security: http://www.vuxml.org/freebsd/92ca92c1-d859-11de-89f9-001517351c22.html
Notes:
svn path=/head/; revision=244692
Changes: http://www.bugzilla.org/releases/3.4.3/release-notes.html
PR: ports/140327
Submitted by: Sahil Tandon <sahil xx tandon.net>
Notes:
svn path=/head/; revision=244175
Changes: http://www.bugzilla.org/security/3.0.8/
Security: http://www.vuxml.org/freebsd/b9ec7fe3-a38a-11de-9c6b-003048818f40.html
Feature safe: yes
Notes:
svn path=/head/; revision=241582
Changes: http://www.bugzilla.org/security/3.4/
Security: http://www.vuxml.org/freebsd/d67b517d-8214-11de-88ea-001a4d49522b.html
Notes:
svn path=/head/; revision=239733
Changes: http://www.bugzilla.org/releases/3.4/release-notes.html
Notes:
svn path=/head/; revision=238679
Changes: http://www.bugzilla.org/releases/3.2.3/release-notes.html#v32_point
Notes:
svn path=/head/; revision=232239
Changes: http://www.bugzilla.org/releases/3.2.2/release-notes.html
PR: ports/131404
Submitted by: pgollucci
Notes:
svn path=/head/; revision=228327
Changes: http://www.bugzilla.org/releases/3.2/release-notes.html
PR: ports/129333
Submitted by: Eygene Ryabinkin <rea-fbsd xx codelabs.ru>
Notes:
svn path=/head/; revision=223663
Changes: http://www.bugzilla.org/releases/3.0.6/release-notes.html
Notes:
svn path=/head/; revision=222496
Changes: http://www.bugzilla.org/releases/3.0.5/release-notes.html
Security: http://www.vuxml.org/freebsd/1d96305d-6ae6-11dd-91d5-000c29d47fd7.html
Notes:
svn path=/head/; revision=218640
Changes: http://www.bugzilla.org/releases/3.0.4/release-notes.html#v30_point
Notes:
svn path=/head/; revision=217755
Changes: http://www.bugzilla.org/releases/3.0.3/release-notes.html#v30_point
Notes:
svn path=/head/; revision=206816
PR: ports/116517
Submitted by: Nick Barkas <snb xxx threerings.net>
Changes: http://www.bugzilla.org/releases/3.0.2/release-notes.html
Security: http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html
Notes:
svn path=/head/; revision=199896
Changes: http://www.bugzilla.org/releases/3.0.1/release-notes.html
Notes:
svn path=/head/; revision=198522
Notes:
svn path=/head/; revision=192026
* remove EMAIL_GATEWAY option (it's by default now)
* add dependency on p5-Mail-Tools [1]
Changes: http://www.bugzilla.org/releases/2.22.2/release-notes.html
PR: ports/103453 [1]
Submitted by: Cezary Morga <cezarym@data.pl> [1]
Notes:
svn path=/head/; revision=185004
Changes: http://www.bugzilla.org/releases/2.22.1/release-notes.html
PR: ports/105554
Submitted by: Ulrich Spoerlein <uspoerlein xxx gmail.com>
Notes:
svn path=/head/; revision=177322
Changes: http://www.bugzilla.org/releases/2.22/release-notes.html
Notes:
svn path=/head/; revision=161193
Approved by: portmgr (clement)
Pointed by: mnag
Security: http://vuxml.FreeBSD.org/46f7b598-a781-11da-906a-fde5cdde365e
Notes:
svn path=/head/; revision=156860
Approved by: krion@
Notes:
svn path=/head/; revision=154141
Notes:
svn path=/head/; revision=144393
* https://bugzilla.mozilla.org/show_bug.cgi?id=293159
* https://bugzilla.mozilla.org/show_bug.cgi?id=292544
Reported by: simon
Security: http://vuxml.freebsd.org/6e33f4ab-efed-11d9-8310-0001020eed82.html
Notes:
svn path=/head/; revision=138914
PR: ports/81583
Submitted by: Choe, Cheng-Dae <whitekid at gmail.com>
Notes:
svn path=/head/; revision=137062
PR: ports/76531
Submitted by: "Choe, Cheng-Dae" <whitekid@gmail.com>
Notes:
svn path=/head/; revision=127194
Class: Unauthorized Bug Change
Versions: 2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
message to process_bug.cgi which will remove keywords from
a bug even if you don't have permissions to edit all bug
fields (the "editbugs" permission). Such changes are
reported in "bug changed" email notifications, so they are
easily detected and reversed if someone abuses it.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=252638
- Correct SQL command in pkg-message
PR: ports/71161, ports/73166
Submitted by: Dmitry A Grigorovich <odip@bionet.nsc.ru>
Notes:
svn path=/head/; revision=120335
- Update to 2.16.6
PR: ports/69105
Submitted by: TAKATSU Tomonari <tota@rtfm.jp>
Notes:
svn path=/head/; revision=113791
- new slave port japanese/bugzilla
PR: 68318, 68319
Submitted by: TAKATSU Tomonari <tota@rtfm.jp>
Notes:
svn path=/head/; revision=112603
Notes:
svn path=/head/; revision=99360
The bugzilla developer released a security advisory.
see: http://www.bugzilla.org/security/2.16.3/
PR: 58905
Submitted by: Kang Liu
Notes:
svn path=/head/; revision=94627
See http://www.bugzilla.org/security/2.16.2/.
PR: 52096
Notes:
svn path=/head/; revision=80828
PR: 47883
Notes:
svn path=/head/; revision=77390
PR: ports/43883
Submitted by: Jason Li <delphij@frontfree.net>
Notes:
svn path=/head/; revision=67815