FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory.

The following package is affected: bugzilla CVE-2010-2756 Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. CVE-2010-2757 The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. CVE-2010-2758 Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. CVE-2010-2759 Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.

Update your system with the appropriate patches or software upgrades. https://bugzilla.mozilla.org/show_bug.cgi?id=417048 https://bugzilla.mozilla.org/show_bug.cgi?id=450013 https://bugzilla.mozilla.org/show_bug.cgi?id=577139 https://bugzilla.mozilla.org/show_bug.cgi?id=519835 https://bugzilla.mozilla.org/show_bug.cgi?id=583690 http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html