From: "Tyler R. Retzlaff" <rtr@netbsd.org>
Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/devel/bugzilla
To: pkgsrc-changes@NetBSD.org
Reply-To: rtr@netbsd.org
Message-Id: <20080515103301.5413E175D0@cvs.netbsd.org>
Date: Thu, 15 May 2008 10:33:01 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: list


Module Name:	pkgsrc
Committed By:	rtr
Date:		Thu May 15 10:33:01 UTC 2008

Modified Files:
	pkgsrc/devel/bugzilla [pkgsrc-2008Q1]: Makefile PLIST distinfo

Log Message:
pullup ticket #2380 - requested by adrianp
bugzilla: update for cross-site scripting vulnerability

revisions pulled up:
- pkgsrc/devel/bugzilla/Makefile
- pkgsrc/devel/bugzilla/PLIST
- pkgsrc/devel/bugzilla/distinfo

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Tue May  6 19:36:39 UTC 2008

   Modified Files:
   	pkgsrc/devel/bugzilla: Makefile PLIST distinfo

   Log Message:
   2.22.4

   Class:       Cross-Site Scripting
   Versions:    2.17.2 and higher
   Description: When using the "Format for Printing" view of a bug (or
               the "Long Format" of a bug list, which is the same thing),
   	     there was a cross-site scripting hole--arbitrary text
   	     from a particular URL parameter could be injected into the
      	     page without filtering.


To generate a diff of this commit:
cvs rdiff -r1.28 -r1.28.2.1 pkgsrc/devel/bugzilla/Makefile
cvs rdiff -r1.13 -r1.13.6.1 pkgsrc/devel/bugzilla/PLIST
cvs rdiff -r1.14 -r1.14.6.1 pkgsrc/devel/bugzilla/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.