1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-04 01:48:54 +00:00
freebsd-ports/devel/bugzilla2/pkg-message
Pav Lucistnik a6b9ddac1d - Update to 2.16.7, a security release:
Class:       Unauthorized Bug Change
Versions:    2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
	     message to process_bug.cgi which will remove keywords from
	     a bug even if you don't have permissions to edit all bug
	     fields (the "editbugs" permission).  Such changes are
	     reported in "bug changed" email notifications, so they are
	     easily detected and reversed if someone abuses it.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=252638

- Correct SQL command in pkg-message

PR:		ports/71161, ports/73166
Submitted by:	Dmitry A Grigorovich <odip@bionet.nsc.ru>
2004-10-27 19:23:53 +00:00

24 lines
1.0 KiB
Plaintext

==========================================================================
Bugzilla has now been installed. To quick setup you have to:
1. Create database user who has rights on bugs database manipulation
by following mysql commands:
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,REFERENCES,\
LOCK TABLES ON <database>.* TO <dbuser>@<host> \
IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;
where <database> is a bugs database name; <dbuser> is a bugs database
owner; <host> is a host there bugzilla is being setup;
<password> is a database owner's password;
2. Change working directory to %%PREFIX%%/%%BUGZILLADIR%%
3. Run "./checksetup.pl" script as root user
4. Read output carefully and follow all instructions
For more complete database setup and post-installation instructions
and security tips/notes please read Bugzilla Guide in
%%PORTDOCS%%%%DOCSDIR%% (chapter 4: Installation)
==========================================================================