mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-16 07:58:04 +00:00
bb7daf8882
3.6.11, 4.0.8, 4.2.4 Summary ======= The following security issues have been discovered in Bugzilla: * Confidential product and component names can be disclosed to unauthorized users if they are used to control the visibility of a custom field. * When calling the 'User.get' WebService method with a 'groups' argument, it is possible to check if the given group names exist or not. * Due to incorrectly filtered field values in tabular reports, it is possible to inject code which can lead to XSS. * When trying to mark an attachment in a bug you cannot see as obsolete, the description of the attachment is disclosed in the error message. * A vulnerability in swfstore.swf from YUI2 can lead to XSS. Feature safe: yes Security: CVE-2012-4199 https://bugzilla.mozilla.org/show_bug.cgi?id=731178 CVE-2012-4198 https://bugzilla.mozilla.org/show_bug.cgi?id=781850 CVE-2012-4189 https://bugzilla.mozilla.org/show_bug.cgi?id=790296 CVE-2012-4197 https://bugzilla.mozilla.org/show_bug.cgi?id=802204 CVE-2012-5475 https://bugzilla.mozilla.org/show_bug.cgi?id=808845 http://yuilibrary.com/support/20121030-vulnerability/
3 lines
155 B
Plaintext
3 lines
155 B
Plaintext
SHA256 (bugzilla/bugzilla-4.0.9.tar.gz) = af79b2f2b39f428e19122707d1334db5e447742ca6098f74803c35277117e394
|
|
SIZE (bugzilla/bugzilla-4.0.9.tar.gz) = 2803607
|