Bug 43883 - BugZilla contains multiple security holes which must be corrected or denied
Summary: BugZilla contains multiple security holes which must be corrected or denied
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Alexey Zelkin
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-10-10 03:00 UTC by Jason Li
Modified: 2003-01-23 15:57 UTC (History)
0 users

See Also:

Attachments
file.diff (562 bytes, patch)
2002-10-10 03:00 UTC, Jason Li 		no flags Details | Diff
file.diff (231 bytes, patch)
2002-10-10 03:00 UTC, Jason Li 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Li 2002-10-10 03:00:13 UTC 
As said in BugZilla's homepage,

All Bugzilla installations are advised to upgrade to the latest versions
of Bugzilla, 2.14.4 and 2.16.1, both released today. Security issues of 
varying importance have been fixed in both.  These vulnerabilities affect 
all previous 2.14 and 2.16 releases.

There're multiple security holes that must be solved by upgrading to the latest 2.16.1.

Fix: Do some changes in ports/devel/bugzilla. Considering the original port was 2.14.3, I think 2.14.4 would be better, so apply this patch on the port:
How-To-Repeat: This behavior is by design...
Comment 1 Ying-Chieh Liao freebsd_committer freebsd_triage 2002-10-10 03:44:28 UTC 
Responsible Changed
From-To: freebsd-ports->phantom

over to maintainer
Comment 2 Alexey Zelkin freebsd_committer freebsd_triage 2003-01-23 15:56:48 UTC 
State Changed
From-To: open->closed

Problem was fixed 3 months ago.  Close PR.