Tue May 6 19:36:39 2008 UTC ()
2.22.4

Class:       Cross-Site Scripting
Versions:    2.17.2 and higher
Description: When using the "Format for Printing" view of a bug (or
             the "Long Format" of a bug list, which is the same thing),
             there was a cross-site scripting hole--arbitrary text
             from a particular URL parameter could be injected into the
             page without filtering.


(adrianp)
diff -r1.28 -r1.29 pkgsrc/devel/bugzilla/Makefile
diff -r1.13 -r1.14 pkgsrc/devel/bugzilla/PLIST
diff -r1.14 -r1.15 pkgsrc/devel/bugzilla/distinfo

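--- a/pkgsrc/devel/bugzilla/Makefile
+++ b/pkgsrc/devel/bugzilla/Makefile
@@ -1,24 +1,26 @@
-# $NetBSD: Makefile,v 1.28 2008/03/03 17:45:34 jlam Exp $
+# $NetBSD: Makefile,v 1.29 2008/05/06 19:36:39 adrianp Exp $
 #
 
-DISTNAME= bugzilla-2.22.3
+DISTNAME= bugzilla-2.22.4
 CATEGORIES= www devel
 MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=webtools/}
 
 MAINTAINER= adrianp@NetBSD.org
 HOMEPAGE= http://www.bugzilla.org/
 COMMENT= Web based bug tracking system
 
+CONFLICTS+= bugzilla-3.[0-9]*
+
 DEPENDS+= p5-AppConfig>=1.52:../../devel/p5-AppConfig
 DEPENDS+= p5-CGI>=2.93:../../www/p5-CGI
 DEPENDS+= p5-DBI>=1.38:../../databases/p5-DBI
 DEPENDS+= p5-File-Temp-[0-9]*:../../devel/p5-File-Temp
 DEPENDS+= p5-Template-Toolkit>=2.10:../../www/p5-Template-Toolkit
 DEPENDS+= p5-Text-Tabs+Wrap>=2001.0131:../../textproc/p5-Text-Tabs+Wrap
 DEPENDS+= p5-Storable-[0-9]*:../../devel/p5-Storable
 DEPENDS+= p5-TimeDate>=1.16:../../time/p5-TimeDate
 DEPENDS+= p5-MailTools>=1.74:../../mail/p5-MailTools
 DEPENDS+= p5-MIME-Base64>=3.01:../../converters/p5-MIME-Base64
 DEPENDS+= p5-MIME-tools>=5.406:../../mail/p5-MIME-tools
 
 PKG_DESTDIR_SUPPORT= destdir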
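Review bot: The added `CONFLICTS+= bugzilla-3.[0-9]*` (new line 12) is not covered by the commit log, which describes only the 2.22.4 cross-site scripting fix, and the Makefile gives no reason for it. Bundling an unrelated packaging change with a security update makes the update harder to audit and to pull up to a stable branch on its own, so it would be cleaner as a separate commit, or at least mentioned in the log. If it stays here, a one-line comment above it such as `# bugzilla 3.x is packaged separately; presumably installs the same share/bugzilla files` (reason to be confirmed by the maintainer) would record the intent.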

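--- a/pkgsrc/devel/bugzilla/PLIST
+++ b/pkgsrc/devel/bugzilla/PLIST
@@ -1,14 +1,14 @@
-@comment $NetBSD: PLIST,v 1.13 2007/08/25 09:49:34 adrianp Exp $
+@comment $NetBSD: PLIST,v 1.14 2008/05/06 19:36:39 adrianp Exp $
 share/bugzilla/Bugzilla.pm
 share/bugzilla/Bugzilla/Attachment.pm
 share/bugzilla/Bugzilla/Auth.pm
 share/bugzilla/Bugzilla/Auth/Login/WWW.pm
 share/bugzilla/Bugzilla/Auth/Login/WWW/CGI.pm
 share/bugzilla/Bugzilla/Auth/Login/WWW/CGI/Cookie.pm
 share/bugzilla/Bugzilla/Auth/Login/WWW/Env.pm
 share/bugzilla/Bugzilla/Auth/README
 share/bugzilla/Bugzilla/Auth/Verify/DB.pm
 share/bugzilla/Bugzilla/Auth/Verify/LDAP.pm
 share/bugzilla/Bugzilla/Bug.pm
 share/bugzilla/Bugzilla/BugMail.pm
 share/bugzilla/Bugzilla/CGI.pm
@@ -60,26 +60,29 @@ share/bugzilla/Bugzilla/User/Setting.pm
 share/bugzilla/Bugzilla/Util.pm
 share/bugzilla/Bugzilla/Version.pm
 share/bugzilla/attachment.cgi
 share/bugzilla/buglist.cgi
 share/bugzilla/bugzilla.dtd
 share/bugzilla/chart.cgi
 share/bugzilla/checksetup.pl
 share/bugzilla/colchange.cgi
 share/bugzilla/collectstats.pl
 share/bugzilla/config.cgi
 share/bugzilla/createaccount.cgi
 share/bugzilla/describecomponents.cgi
 share/bugzilla/describekeywords.cgi
+share/bugzilla/docs/html/keywords.html
+share/bugzilla/docs/html/sanitycheck.html
+share/bugzilla/docs/html/x767.html
 share/bugzilla/docs/html/Bugzilla-Guide.html
 share/bugzilla/docs/html/about.html
 share/bugzilla/docs/html/administration.html
 share/bugzilla/docs/html/attachments.html
 share/bugzilla/docs/html/bug_page.html
 share/bugzilla/docs/html/bugreports.html
 share/bugzilla/docs/html/classifications.html
 share/bugzilla/docs/html/cmdline-bugmail.html
 share/bugzilla/docs/html/cmdline.html
 share/bugzilla/docs/html/components.html
 share/bugzilla/docs/html/configuration.html
 share/bugzilla/docs/html/conventions.html
 share/bugzilla/docs/html/copyright.html
@@ -146,27 +149,26 @@ share/bugzilla/docs/html/trbl-perlmodule
 share/bugzilla/docs/html/trbl-relogin-everyone.html
 share/bugzilla/docs/html/trbl-relogin-some.html
 share/bugzilla/docs/html/trbl-testserver.html
 share/bugzilla/docs/html/trouble-filetemp.html
 share/bugzilla/docs/html/troubleshooting.html
 share/bugzilla/docs/html/upgrading.html
 share/bugzilla/docs/html/useradmin.html
 share/bugzilla/docs/html/userpreferences.html
 share/bugzilla/docs/html/using-intro.html
 share/bugzilla/docs/html/using.html
 share/bugzilla/docs/html/versions.html
 share/bugzilla/docs/html/voting.html
 share/bugzilla/docs/html/whining.html
-share/bugzilla/docs/html/x763.html
 share/bugzilla/duplicates.cgi
 share/bugzilla/duplicates.xul
 share/bugzilla/editclassifications.cgi
 share/bugzilla/editcomponents.cgi
 share/bugzilla/editflagtypes.cgi
 share/bugzilla/editgroups.cgi
 share/bugzilla/editkeywords.cgi
 share/bugzilla/editmilestones.cgi
 share/bugzilla/editparams.cgi
 share/bugzilla/editproducts.cgi
 share/bugzilla/editsettings.cgi
 share/bugzilla/editusers.cgi
 share/bugzilla/editvalues.cgi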

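--- a/pkgsrc/devel/bugzilla/distinfo
+++ b/pkgsrc/devel/bugzilla/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.14 2007/08/25 09:49:34 adrianp Exp $
+$NetBSD: distinfo,v 1.15 2008/05/06 19:36:39 adrianp Exp $
 
-SHA1 (bugzilla-2.22.3.tar.gz) = 461d1a754cdc4a9e26fc6936c48fbd7cf71fab14
-RMD160 (bugzilla-2.22.3.tar.gz) = 787f84e343297b1a8caee8310354e01f7c8cc2f8
-Size (bugzilla-2.22.3.tar.gz) = 1940974 bytes
+SHA1 (bugzilla-2.22.4.tar.gz) = 37b53606e04f00d21460f03f27c9a2dd2fda2820
+RMD160 (bugzilla-2.22.4.tar.gz) = bb5850ffcf85e08b18393569341255edfdd9d672
+Size (bugzilla-2.22.4.tar.gz) = 2114034 bytes
 SHA1 (patch-aa) = 1139740aac7497c85f274ae4153a867abe8194a2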