Security update for bugzilla to versiopn 3.6.2. (I'm running this verion now since a view days, no issues since now reported by the users) Security Advisory Source: http://www.bugzilla.org/security/3.2.7/ (5 Aug 2010) ================================================================== * It was possible to (at least partially) determine the membership of any group using the Search interface. * It was possible to use the 'sudo' feature without sending a notification to the user being impersonated. * The 'Reports' and 'Duplicates' pages let you guess the name of products you could not see, due to the error message that was thrown. * For installations using PostgreSQL, specifying "bug X" or "attachment X" in a comment would deny access to the bug if X was larger than the maximum 32-bit signed integer size. All affected installations are encouraged to upgrade as soon as possible. Updates in this 3.6.x Release Source: http://www.bugzilla.org/releases/3.6.2/release-notes.html ================================================================== In addition, the following important fixes/changes have been made in this release: * Email notifications where missing the dates that comments were made. (Bug 578003) * Putting a phrase in quotes in the Quicksearch box now works properly, again. (Bug 578494 and Bug 553884) * Quicksearch was usually (incorrectly) being limited to 200 results. (Bug 581622) * Searching "keywords" for "contains none of the words" or "does not match regular expression" now works properly. (Bug 562014) * Doing collectstats.pl --regenerate now works on installations using PostgreSQL. (Bug 577058) * The "Field Values" administrative control panel was sometimes denying admins the ability to delete field values when there was no reason to deny the deletion. (Bug 577054) * Eliminate the "uninitialized value" warnings that would happen when editing a product's components. (Bug 576911) * The updating of bugs_fulltext that happens during checksetup.pl for upgrades to 3.6 should now be MUCH faster. (Bug 577754) * email_in.pl was not allowing the setting of time-tracking fields via inbound emails. (Bug 583622)
Responsible Changed From-To: freebsd-ports-bugs->skv Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->closed Committed, thanks!
Hi skv@, It seems that bugzilla 3.6.2 had not been committed yet. Please make sure your "cvs commit" operation. Thanks, -- TAKATSU Tomonari
skv 2010-09-06 07:58:29 UTC FreeBSD ports repository Modified files: devel/bugzilla Makefile distinfo Log: Update to 3.6.2 Changes: http://www.bugzilla.org/releases/3.6.2/release-notes.html Security: http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html PR: ports/149721 Submitted by: ohauer Revision Changes Path 1.78 +1 -1 ports/devel/bugzilla/Makefile 1.41 +3 -3 ports/devel/bugzilla/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"