K 10 svn:author V 6 ohauer K 8 svn:date V 27 2014-10-07T21:41:32.708852Z K 7 svn:log V 869 - remove FreeBSD-specific bits - bump PORTREVISION PR: 194123 Submitted by: mva Reviewed by: eadler MFH: r370211 - update to bugzilla 4.4.6 Summary ======= The following security issues have been discovered in Bugzilla: * The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. * Several places were found in the Bugzilla code where cross-site scripting attacks could be used to access sensitive information. * Private comments can be shown to flagmail recipients who aren't in the insider group * Specially formatted values in a CSV search results export could be used in spreadsheet software to attack a user's computer. Security: CVE-2014-1572 CVE-2014-1571 CVE-2014-1571 MFH: r370268 - add CPE information [1] additional MFH revisions: r370209, 370211 Approved by: portmgr (erwin) END