FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory.

The following package is affected: bugzilla CVE-2009-3125 SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. CVE-2009-3165 SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. CVE-2009-3166 token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Update your system with the appropriate patches or software upgrades. http://www.bugzilla.org/security/3.0.8/ http://www.vuxml.org/freebsd/b9ec7fe3-a38a-11de-9c6b-003048818f40.html