mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-29 05:38:00 +00:00
bb7daf8882
3.6.11, 4.0.8, 4.2.4 Summary ======= The following security issues have been discovered in Bugzilla: * Confidential product and component names can be disclosed to unauthorized users if they are used to control the visibility of a custom field. * When calling the 'User.get' WebService method with a 'groups' argument, it is possible to check if the given group names exist or not. * Due to incorrectly filtered field values in tabular reports, it is possible to inject code which can lead to XSS. * When trying to mark an attachment in a bug you cannot see as obsolete, the description of the attachment is disclosed in the error message. * A vulnerability in swfstore.swf from YUI2 can lead to XSS. Feature safe: yes Security: CVE-2012-4199 https://bugzilla.mozilla.org/show_bug.cgi?id=731178 CVE-2012-4198 https://bugzilla.mozilla.org/show_bug.cgi?id=781850 CVE-2012-4189 https://bugzilla.mozilla.org/show_bug.cgi?id=790296 CVE-2012-4197 https://bugzilla.mozilla.org/show_bug.cgi?id=802204 CVE-2012-5475 https://bugzilla.mozilla.org/show_bug.cgi?id=808845 http://yuilibrary.com/support/20121030-vulnerability/ |
||
---|---|---|
.. | ||
files | ||
distinfo | ||
Makefile | ||
Makefile.common | ||
Makefile.options | ||
pkg-descr | ||
pkg-plist |