1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00
freebsd-ports/devel/bugzilla42/Makefile.options
Olli Hauer de51be0645 - update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
2013-10-17 19:35:22 +00:00

72 lines
1.4 KiB
Makefile

# $FreeBSD$
OPTIONS_DEFINE= \
DOCS \
MODPERL
OPTIONS_GROUP= UI DBBACKEND REPORTING ATTACHMENT EMAIL WEBSERVICE AUTH ADMIN
OPTIONS_GROUP_ADMIN= \
MOVE_BUGZ \
EXPORT_IMPORT \
CONTRIB
OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS
OPTIONS_GROUP_DBBACKEND= \
MYSQL \
PGSQL \
SQLITE
OPTIONS_GROUP_EMAIL= \
INBOUND_EMAIL \
MAIL_QUEUEING
OPTIONS_GROUP_REPORTING= \
GRAPHVIZ \
GRAPH_REPORTS \
CHARTING_MODULES
OPTIONS_GROUP_WEBSERVICE= \
XMLRPC \
JSONRPC
OPTIONS_GROUP_UI= \
PATCH_VIEWER \
MORE_HTML
OPTIONS_DEFAULT= \
CHARTING_MODULES\
CONTRIB \
GRAPH_REPORTS \
MORE_HTML \
PATCH_VIEWER
BMP2PNG_DESC= BMP Attachments to PNGs
CHARTING_MODULES_DESC= Bug charting support
CONTRIB_DESC= Install user-contributed scripts
EXPORT_IMPORT_DESC= Import/export bugs (via XML)
GRAPH_REPORTS_DESC= Graphical Reports
INBOUND_EMAIL_DESC= Inbound Email
JSONRPC_DESC= JSON-RPC Interface
MAIL_QUEUEING_DESC= Mail Queueing
MORE_HTML_DESC= More HTML in Product/Group Descriptions
MOVE_BUGZ_DESC= Move Bugs Between Installations
PATCH_VIEWER_DESC= Patch Viewer
XMLRPC_DESC= XML-RPC Interface
# Option group description
ADMIN_DESC= Administration
ATTACHMENT_DESC= Attachment handling
AUTH_DESC= Alternative Authentication
DBBACKEND_DESC= Database Engine
EMAIL_DESC= Email handling
REPORTING_DESC= Reports and Charts
WEBSERVICE_DESC= Web Services