- Update to 2.16.7, a security release:

Class:       Unauthorized Bug Change
Versions:    2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
	     message to process_bug.cgi which will remove keywords from
	     a bug even if you don't have permissions to edit all bug
	     fields (the "editbugs" permission).  Such changes are
	     reported in "bug changed" email notifications, so they are
	     easily detected and reversed if someone abuses it.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=252638

- Correct SQL command in pkg-message

PR:		ports/71161, ports/73166
Submitted by:	Dmitry A Grigorovich <odip@bionet.nsc.ru>
This commit is contained in:
Pav Lucistnik 2004-10-27 19:23:53 +00:00
parent da5a605249
commit a6b9ddac1d
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=120335
9 changed files with 18 additions and 15 deletions

View file

@ -6,7 +6,7 @@
#
PORTNAME?= bugzilla
PORTVERSION?= 2.16.6
PORTVERSION?= 2.16.7
CATEGORIES?= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived

View file

@ -1,2 +1,2 @@
MD5 (bugzilla-2.16.6.tar.gz) = 5b694df8739be175f0358507f844b71d
SIZE (bugzilla-2.16.6.tar.gz) = 1365080
MD5 (bugzilla-2.16.7.tar.gz) = ee4c92bfd940521cc68ea91917f9f0dd
SIZE (bugzilla-2.16.7.tar.gz) = 1368799

View file

@ -4,8 +4,9 @@
1. Create database user who has rights on bugs database manipulation
by following mysql commands:
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX, ALTER,CREATE,DROP,REFERENCES \
ON <database>.* TO <dbuser>@<host> IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,REFERENCES,\
LOCK TABLES ON <database>.* TO <dbuser>@<host> \
IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;
where <database> is a bugs database name; <dbuser> is a bugs database

View file

@ -6,7 +6,7 @@
#
PORTNAME?= bugzilla
PORTVERSION?= 2.16.6
PORTVERSION?= 2.16.7
CATEGORIES?= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived

View file

@ -1,2 +1,2 @@
MD5 (bugzilla-2.16.6.tar.gz) = 5b694df8739be175f0358507f844b71d
SIZE (bugzilla-2.16.6.tar.gz) = 1365080
MD5 (bugzilla-2.16.7.tar.gz) = ee4c92bfd940521cc68ea91917f9f0dd
SIZE (bugzilla-2.16.7.tar.gz) = 1368799

View file

@ -4,8 +4,9 @@
1. Create database user who has rights on bugs database manipulation
by following mysql commands:
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX, ALTER,CREATE,DROP,REFERENCES \
ON <database>.* TO <dbuser>@<host> IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,REFERENCES,\
LOCK TABLES ON <database>.* TO <dbuser>@<host> \
IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;
where <database> is a bugs database name; <dbuser> is a bugs database

View file

@ -6,7 +6,7 @@
#
PORTNAME?= bugzilla
PORTVERSION?= 2.16.6
PORTVERSION?= 2.16.7
CATEGORIES?= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived

View file

@ -1,2 +1,2 @@
MD5 (bugzilla-2.16.6.tar.gz) = 5b694df8739be175f0358507f844b71d
SIZE (bugzilla-2.16.6.tar.gz) = 1365080
MD5 (bugzilla-2.16.7.tar.gz) = ee4c92bfd940521cc68ea91917f9f0dd
SIZE (bugzilla-2.16.7.tar.gz) = 1368799

View file

@ -4,8 +4,9 @@
1. Create database user who has rights on bugs database manipulation
by following mysql commands:
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX, ALTER,CREATE,DROP,REFERENCES \
ON <database>.* TO <dbuser>@<host> IDENTIFIED BY '<password>';
GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,REFERENCES,\
LOCK TABLES ON <database>.* TO <dbuser>@<host> \
IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;
where <database> is a bugs database name; <dbuser> is a bugs database