1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

- update to latest release [1]

- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
This commit is contained in:
Olli Hauer 2013-10-17 19:35:22 +00:00
parent ffc964c93f
commit de51be0645
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=330666
43 changed files with 108 additions and 77 deletions

3
MOVED
View File

@ -5116,3 +5116,6 @@ audio/akode-plugins-oss||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-pulseaudio||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-resampler||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-xiph||2013-10-17|Removed: Dependency of KDE 3.x
german/bugzilla|german/bugzilla40|2013-10-17|Reflect PORTNAME
japanese/bugzilla|japanese/bugzilla40|2013-10-17|Reflect PORTNAME
russian/bugzilla|russian/bugzilla40|2013-10-17|Reflect PORTNAME

View File

@ -147,7 +147,7 @@
SUBDIR += bsdlibdwarf
SUBDIR += bufferpool
SUBDIR += bug-buddy
SUBDIR += bugzilla
SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += build

View File

@ -1,2 +0,0 @@
SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655

View File

@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
PORTVERSION= 4.0.10
PORTVERSION= 4.0.11
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
@ -44,8 +44,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib t xt
USE_APACHE_RUN= 22+
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=2.9003:${PORTSDIR}/databases/p5-DBD-mysql
@ -175,4 +173,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>

View File

@ -1,8 +1,10 @@
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
PKGNAMESUFFIX= 40
CONFLICTS_INSTALL= \
bugzilla4[^0].* \
bugzilla-4.[^0].*
PORTSCOUT= limit:^4\.0\.

View File

@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \
EXPORT_IMPORT \
CONTRIB
OPTIONS_GROUP_ATTACHMENT= \
OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
OPTIONS_GROUP_AUTH= \
OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS

View File

@ -0,0 +1,2 @@
SHA256 (bugzilla/bugzilla-4.0.11.tar.gz) = d2e454a5a705f3728a6645c27793f7c8d3058dda675704eac4a9a856f16b0c0f
SIZE (bugzilla/bugzilla-4.0.11.tar.gz) = 2785420

View File

@ -971,6 +971,8 @@
@dirrmtry %%WWWDIR%%/js/yui
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
@ -996,8 +998,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
@dirrmtry %%WWWDIR%%/data
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML
@ -1030,9 +1030,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
@exec mkdir -p %D/%%WWWDIR%%/xt
@exec mkdir -p %D/%%WWWDIR%%/t
@exec mkdir -p %D/%%WWWDIR%%/lib
@exec mkdir -p %D/%%WWWDIR%%/graphs
@exec mkdir -p %D/%%WWWDIR%%/data
@exec mkdir -p %D/%%WWWDIR%%/contrib

View File

@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
PORTVERSION= 4.2.6
PORTVERSION= 4.2.7
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
@ -25,8 +25,6 @@ RUN_DEPENDS= \
p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \
p5-URI>=1.37:${PORTSDIR}/net/p5-URI
LATEST_LINK= bugzilla42
USES= perl5
USE_PERL5= patch run build
@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib t xt
USE_APACHE_RUN= 22+
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql
@ -184,4 +180,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>

View File

@ -1,8 +1,10 @@
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
PKGNAMESUFFIX= 42
CONFLICTS_INSTALL= \
bugzilla4[^2].* \
bugzilla-4.[^2].*
PORTSCOUT= limitw:1,even

View File

@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \
EXPORT_IMPORT \
CONTRIB
OPTIONS_GROUP_ATTACHMENT= \
OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
OPTIONS_GROUP_AUTH= \
OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS

View File

@ -1,2 +1,2 @@
SHA256 (bugzilla/bugzilla-4.2.6.tar.gz) = 16ede21f92e672ed19aadeddd24136a8ec76ec14e6bf9627fe33207f2531807d
SIZE (bugzilla/bugzilla-4.2.6.tar.gz) = 2425903
SHA256 (bugzilla/bugzilla-4.2.7.tar.gz) = c2350e02e287f10dc21d7a1813d5311d84804fb1f3418d4ef5c7e335458fc189
SIZE (bugzilla/bugzilla-4.2.7.tar.gz) = 2964784

View File

@ -179,7 +179,7 @@
%%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif
@comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt
%%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt
%%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml
@ -987,6 +987,8 @@
@dirrmtry %%WWWDIR%%/js/history.js
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
@ -1014,8 +1016,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
@dirrmtry %%WWWDIR%%/data
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML
@ -1048,9 +1048,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
@exec mkdir -p %D/%%WWWDIR%%/xt
@exec mkdir -p %D/%%WWWDIR%%/t
@exec mkdir -p %D/%%WWWDIR%%/lib
@exec mkdir -p %D/%%WWWDIR%%/graphs
@exec mkdir -p %D/%%WWWDIR%%/data
@exec mkdir -p %D/%%WWWDIR%%/contrib

View File

@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
PORTVERSION= 4.4
PORTVERSION= 4.4.1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
@ -25,8 +25,6 @@ RUN_DEPENDS= \
p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \
p5-URI>=1.37:${PORTSDIR}/net/p5-URI
LATEST_LINK= bugzilla44
USES= perl5
USE_PERL5= patch build run
@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib t xt
USE_APACHE_RUN= 22+
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql
@ -175,6 +171,8 @@ post-patch:
@${FIND} ${WRKSRC} \( -name "CVS" -or -name ".cvsignore" -or -name "*.orig" \
-or -name "*.bak" -or -name ".bzr*" -or -name "README.docs" \) \
| ${XARGS} ${RM} -rf
# empty leftover
@${RM} ${WRKSRC}/docs/en/html/Bugzilla-Guide.proc
do-install: .SILENT
${MKDIR} ${STAGEDIR}${WWWDIR}
@ -198,4 +196,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>

View File

@ -1,8 +1,10 @@
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
PKGNAMESUFFIX= 44
CONFLICTS_INSTALL= \
bugzilla4[^4].* \
bugzilla-4.[^4].*
PORTSCOUT= limitw:1,even

View File

@ -1,2 +1,2 @@
SHA256 (bugzilla/bugzilla-4.4.tar.gz) = 709e1b07ca23a91fbf5fb3d34645a8b574af39034b216daa1811effd02ebd72e
SIZE (bugzilla/bugzilla-4.4.tar.gz) = 2441533
SHA256 (bugzilla/bugzilla-4.4.1.tar.gz) = cc63513b98f7f0a523c58c642554ec72ee1e941f7d13c306e2e8c7e4cceeb428
SIZE (bugzilla/bugzilla-4.4.1.tar.gz) = 2966058

View File

@ -183,7 +183,7 @@
%%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif
@comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt
%%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt
%%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml
@ -999,6 +999,8 @@
@dirrmtry %%WWWDIR%%/js/history.js
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
@ -1027,8 +1029,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
@dirrmtry %%WWWDIR%%/data
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/xsl
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
@ -1062,10 +1062,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
@exec mkdir -p %D/%%WWWDIR%%/xt
@exec mkdir -p %D/%%WWWDIR%%/t
@exec mkdir -p %D/%%WWWDIR%%/lib
@exec mkdir -p %D/%%WWWDIR%%/graphs
@exec mkdir -p %D/%%WWWDIR%%/data
@exec mkdir -p %D/%%WWWDIR%%/contrib
%%PORTDOCS%%@exec mkdir -p %D/%%DOCSDIR%%/en/pdf

View File

@ -11,7 +11,7 @@
SUBDIR += bsdforen-firefox-searchplugin
SUBDIR += bsdgroup-firefox-searchplugin
SUBDIR += bsdpaste
SUBDIR += bugzilla
SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += calligra-l10n

View File

@ -10,9 +10,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf-8
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= German localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
LATEST_LINK= ${PKGNAMEPREFIX}bugzilla
RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
NO_WRKSUBDIR= yes

View File

@ -10,9 +10,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf-8
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= German localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
NO_WRKSUBDIR= yes

View File

@ -11,9 +11,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf-8
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= German localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
LATEST_LINK= ${PKGNAMEPREFIX}bugzilla44
RUN_DEPENDS= bugzilla44>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
NO_WRKSUBDIR= yes

View File

@ -25,7 +25,7 @@
SUBDIR += awffull
SUBDIR += bible_names-fpw
SUBDIR += bookview
SUBDIR += bugzilla
SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += calligra-l10n

View File

@ -11,7 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-template
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= Japanese localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla40
NO_WRKSUBDIR= yes

View File

@ -11,9 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-template
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= Japanese localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
NO_WRKSUBDIR= yes

View File

@ -11,9 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-template
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= Japanese localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
LATEST_LINK= ${PKGNAMEPREFIX}bugzilla44
RUN_DEPENDS= bugzilla44>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
NO_WRKSUBDIR= yes

View File

@ -6,7 +6,7 @@
SUBDIR += MT
SUBDIR += artwiz-ru
SUBDIR += aspell
SUBDIR += bugzilla
SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += calligra-l10n
SUBDIR += d1489

View File

@ -10,7 +10,7 @@ DISTNAME= bugzilla-${PORTVERSION}-ru-20130222
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= Russian localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla40
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru

View File

@ -10,14 +10,12 @@ DISTNAME= bugzilla-${PORTVERSION}-ru-20130618
MAINTAINER= bugzilla@FreeBSD.org
COMMENT= Russian localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru
.include "${.CURDIR}/../../devel/bugzilla42/Makefile.common"
LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
do-install:
${MKDIR} ${STAGEDIR}${WWWDIR}
(cd ${WRKSRC}/ && ${PAX} -r -w * ${STAGEDIR}${WWWDIR})

View File

@ -51,6 +51,67 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="e135f0c9-375f-11e3-80b7-20cf30e32f6d">
<topic>bugzilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>bugzilla</name>
<name>bugzilla40</name>
<name>bugzilla42</name>
<name>bugzilla44</name>
<range><ge>4.0.0</ge><lt>4.0.11</lt></range>
<range><ge>4.2.0</ge><lt>4.2.7</lt></range>
<range><ge>4.4</ge><lt>4.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>A Bugzilla Security Advisory reports:</h1>
<blockquote cite="http://www.bugzilla.org/security/4.0.10/">
<h1>Cross-Site Request Forgery</h1>
<p>When a user submits changes to a bug right after another
user did, a midair collision page is displayed to inform
the user about changes recently made. This page contains
a token which can be used to validate the changes if the
user decides to submit his changes anyway. A regression
in Bugzilla 4.4 caused this token to be recreated if a
crafted URL was given, even when no midair collision page
was going to be displayed, allowing an attacker to bypass
the token check and abuse a user to commit changes on his
behalf.</p>
<h1>Cross-Site Request Forgery</h1>
<p>When an attachment is edited, a token is generated to
validate changes made by the user. Using a crafted URL,
an attacker could force the token to be recreated,
allowing him to bypass the token check and abuse a user
to commit changes on his behalf.</p>
<h1>Cross-Site Scripting</h1>
<p>Some parameters passed to editflagtypes.cgi were not
correctly filtered in the HTML page, which could lead
to XSS.</p>
<h1>Cross-Site Scripting</h1>
<p>Due to an incomplete fix for CVE-2012-4189, some
incorrectly filtered field values in tabular reports
could lead to XSS.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-1733</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=911593</url>
<cvename>CVE-2013-1734</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=913904</url>
<cvename>CVE-2013-1742</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=924802</url>
<cvename>CVE-2013-1743</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=924932</url>
</references>
<dates>
<discovery>2013-10-16</discovery>
<entry>2013-10-17</entry>
</dates>
</vuln>
<vuln vid="8c9b48d1-3715-11e3-a624-00262d8b701d">
<topic>dropbear -- exposure of sensitive information, DoS</topic>
<affects>