Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/devel/bugzilla
From: Tyler R. Retzlaff
Date: 2008-05-15 12:33:01
Message id: 20080515103301.5413E175D0@cvs.netbsd.org
Log Message:
pullup ticket #2380 - requested by adrianp
bugzilla: update for cross-site scripting vulnerability

revisions pulled up:
- pkgsrc/devel/bugzilla/Makefile
- pkgsrc/devel/bugzilla/PLIST
- pkgsrc/devel/bugzilla/distinfo

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Tue May  6 19:36:39 UTC 2008

   Modified Files:
   	pkgsrc/devel/bugzilla: Makefile PLIST distinfo

   Log Message:
   2.22.4

   Class:       Cross-Site Scripting
   Versions:    2.17.2 and higher
   Description: When using the "Format for Printing" view of a bug (or
               the "Long Format" of a bug list, which is the same thing),
   	     there was a cross-site scripting hole--arbitrary text
   	     from a particular URL parameter could be injected into the
      	     page without filtering.
Files:
RevisionActionfile
1.28.2.1modifypkgsrc/devel/bugzilla/Makefile
1.13.6.1modifypkgsrc/devel/bugzilla/PLIST
1.14.6.1modifypkgsrc/devel/bugzilla/distinfo