FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8cbf4d65-af9a-11df-89b8-00151735203abugzilla -- information disclosure, denial of service

A Bugzilla Security Advisory reports:

  • Remote Information Disclosure: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronouns to groups the user belongs to.
  • Notification Bypass: Normally, when a user is impersonated, he receives an email informing him that he is being impersonated, containing the identity of the impersonator. However, it was possible to impersonate a user without this notification being sent.
  • Remote Information Disclosure: An error message thrown by the "Reports" and "Duplicates" page confirmed the non-existence of products, thus allowing users to guess confidential product names. (Note that the "Duplicates" page was not vulnerable in Bugzilla 3.6rc1 and above though.)
  • Denial of Service: If a comment contained the phrases "bug X" or "attachment X", where X was an integer larger than the maximum 32-bit signed integer size, PostgreSQL would throw an error, and any page containing that comment would not be viewable. On most Bugzillas, any user can enter a comment on any bug, so any user could have used this to deny access to one or all bugs. Bugzillas running on databases other than PostgreSQL are not affected.

Discovery 2010-08-05
Entry 2010-08-24
bugzilla
gt 2.17.1 lt 3.6.2

CVE-2010-2756
CVE-2010-2757
CVE-2010-2758
CVE-2010-2759
https://bugzilla.mozilla.org/show_bug.cgi?id=417048
https://bugzilla.mozilla.org/show_bug.cgi?id=450013
https://bugzilla.mozilla.org/show_bug.cgi?id=577139
https://bugzilla.mozilla.org/show_bug.cgi?id=519835
https://bugzilla.mozilla.org/show_bug.cgi?id=583690
c8c927e5-2891-11e0-8f26-00151735203abugzilla -- multiple serious vulnerabilities

A Bugzilla Security Advisory reports:

This advisory covers three security issues that have recently been fixed in the Bugzilla code:

  • A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account.
  • A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla.
  • If you put a harmful "javascript:" or "data:" URL into Bugzilla's "URL" field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable.
  • Various pages lack protection against cross-site request forgeries.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2011-01-24
Entry 2011-01-25
bugzilla
ge 2.14.* lt 3.6.4

25425
CVE-2010-4568
CVE-2010-2761
CVE-2010-4411
CVE-2010-4572
CVE-2010-4567
CVE-2010-0048
CVE-2011-0046
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
https://bugzilla.mozilla.org/show_bug.cgi?id=591165
https://bugzilla.mozilla.org/show_bug.cgi?id=621572
https://bugzilla.mozilla.org/show_bug.cgi?id=619588
https://bugzilla.mozilla.org/show_bug.cgi?id=628034
https://bugzilla.mozilla.org/show_bug.cgi?id=621090
https://bugzilla.mozilla.org/show_bug.cgi?id=621105
https://bugzilla.mozilla.org/show_bug.cgi?id=621107
https://bugzilla.mozilla.org/show_bug.cgi?id=621108
https://bugzilla.mozilla.org/show_bug.cgi?id=621109
https://bugzilla.mozilla.org/show_bug.cgi?id=621110
1d96305d-6ae6-11dd-91d5-000c29d47fd7Bugzilla -- Directory Traversal in importxml.pl

A Bugzilla Security Advisory reports:

When importing bugs using importxml.pl, the --attach_path option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious

../relative_path/to/local_file

node, the script follows this relative path and attaches the local file pointed by it to the bug, making the file public. The security fix makes sure the relative path is always ignored.


Discovery 2008-06-03
Entry 2008-08-15
Modified 2010-05-12
bugzilla
ja-bugzilla
ge 2.22.1 lt 2.22.4

ge 3.* lt 3.0.4

CVE-2008-4437
https://bugzilla.mozilla.org/show_bug.cgi?id=437169
309542b5-50b9-11e1-b0d8-00151735203abugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

  • Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user account. Such email addresses could look visually identical to other valid email addresses, and an attacker could try to confuse other users and be added to bugs he shouldn't have access to.
  • Cross-Site Request Forgery: Due to a lack of validation of the Content-Type head when making POST requests to jsonrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious JS code in it, an attacker could make changes to a remote Bugzilla installation on behalf of the victim's account by using the JSON-RPC API. The user would have had to be already logged in to the target site for the vulnerability to work.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2012-01-31
Entry 2012-02-06
bugzilla
ge 2.4.* lt 3.6.8

ge 4.0.* lt 4.0.4

CVE-2012-0448
CVE-2012-0440
https://bugzilla.mozilla.org/show_bug.cgi?id=714472
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
f1331504-8849-11df-89b8-00151735203abugzilla -- information disclosure

A Bugzilla Security Advisory reports:

  • Normally, information about time-tracking (estimated hours, actual hours, hours worked, and deadlines) is restricted to users in the "time-tracking group". However, any user was able, by crafting their own search URL, to search for bugs based using those fields as criteria, thus possibly exposing sensitive time-tracking information by a user seeing that a bug matched their search.
  • If $use_suexec was set to "1" in the localconfig file, then the localconfig file's permissions were set as world-readable by checksetup.pl. This allowed any user with local shell access to see the contents of the file, including the database password and the site_wide_secret variable used for CSRF protection.

Discovery 2010-06-24
Entry 2010-07-05
bugzilla
gt 2.17.1 lt 3.6.1

CVE-2010-1204
CVE-2010-0180
https://bugzilla.mozilla.org/show_bug.cgi?id=309952
https://bugzilla.mozilla.org/show_bug.cgi?id=561797
dc8741b9-c5d5-11e0-8a8e-00151735203abugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

  • Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of malicious code in the attachment.
  • It is possible to determine whether or not certain group names exist while creating or updating bugs.
  • Attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications sent to the requestee or the requester when editing an attachment flag.
  • If an attacker has access to a user's session, he can modify that user's email address without that user being notified of the change.
  • Temporary files for uploaded attachments are not deleted on Windows, which could let a user with local access to the server read them.
  • Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised, it can be used to inject HTML code when viewing a bug report, leading to a cross-site scripting attack.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2011-08-04
Entry 2011-08-13
bugzilla
ge 2.4.* lt 3.6.6

ge 4.0.* lt 4.0.2

CVE-2011-2379
CVE-2011-2380
CVE-2011-2979
CVE-2011-2381
CVE-2011-2978
CVE-2011-2977
CVE-2011-2976
https://bugzilla.mozilla.org/show_bug.cgi?id=637981
https://bugzilla.mozilla.org/show_bug.cgi?id=653477
https://bugzilla.mozilla.org/show_bug.cgi?id=674497
https://bugzilla.mozilla.org/show_bug.cgi?id=657158
https://bugzilla.mozilla.org/show_bug.cgi?id=670868
https://bugzilla.mozilla.org/show_bug.cgi?id=660502
https://bugzilla.mozilla.org/show_bug.cgi?id=660053
0c7a3ee2-3654-11e1-b404-20cf30e32f6dbugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

The following security issues have been discovered in Bugzilla:

  • Tabular and graphical reports, as well as new charts have a debug mode which displays raw data as plain text. This text is not correctly escaped and a crafted URL could use this vulnerability to inject code leading to XSS.
  • The User.offer_account_by_email WebService method ignores the user_can_create_account setting of the authentication method and generates an email with a token in it which the user can use to create an account. Depending on the authentication method being active, this could allow the user to log in using this account. Installations where the createemailregexp parameter is empty are not vulnerable to this issue.
  • The creation of bug reports and of attachments is not protected by a token and so they can be created without the consent of a user if the relevant code is embedded in an HTML page and the user visits this page. This behavior was intentional to let third-party applications submit new bug reports and attachments easily. But as this behavior can be abused by a malicious user, it has been decided to block submissions with no valid token starting from version 4.2rc1. Older branches are not patched to not break these third-party applications after the upgrade.

All affected installations are encouraged to upgrade as soon as possible.


Discovery 2011-11-28
Entry 2012-01-05
bugzilla
ge 2.4.* lt 3.6.7

ge 4.0.* lt 4.0.3

CVE-2011-3657
CVE-2011-3667
CVE-2011-3668
CVE-2011-3669
https://bugzilla.mozilla.org/show_bug.cgi?id=697699
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
https://bugzilla.mozilla.org/show_bug.cgi?id=703975
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
75231c63-f6a2-499d-8e27-787773bda284bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

This advisory covers three security issues that have recently been fixed in the Bugzilla code:

  • A possible cross-site scripting (XSS) vulnerability when filing bugs using the guided form.
  • When using email_in.pl, insufficiently escaped data may be passed to sendmail.
  • Users using the WebService interface may access Bugzilla's time-tracking fields even if they normally cannot see them.

We strongly advise that 2.20.x and 2.22.x users should upgrade to 2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or below, should upgrade to 3.0.1.


Discovery 2007-08-23
Entry 2007-09-21
bugzilla
ja-bugzilla
ge 2.20.* lt 2.22.3

ge 3.* lt 3.0.1

25425
CVE-2007-4538
CVE-2007-4539
CVE-2007-4543
http://www.bugzilla.org/security/2.20.4/