Module Name:	pkgsrc
Committed By:	snj
Date:		Thu Jul 14 22:01:51 UTC 2005

Modified Files:
	pkgsrc/devel/bugzilla [pkgsrc-2005Q2]: Makefile PLIST distinfo

Log Message:
Pullup ticket 600 - requested by Adrian Portelli
security update for bugzilla

Revisions pulled up:
- pkgsrc/devel/bugzilla/Makefile	1.8
- pkgsrc/devel/bugzilla/PLIST		1.4
- pkgsrc/devel/bugzilla/distinfo	1.7

    Module Name:    pkgsrc
    Committed By:   adrianp
    Date:           Thu Jul 14 10:26:29 UTC 2005

    Modified Files:
            pkgsrc/devel/bugzilla: Makefile PLIST distinfo

    Log Message:
    - Update to 2.18.3
    - Update addresses two security issues
    - From the ChangeLog:

    > Version 2.18.2
    > --------------
    >
    > + You can now create accounts with createaccount.cgi even
    >   when the "requirelogin" parameter is turned on. (Bug 294778)
    >
    > + Bugs that are in disabled groups may not show a padlock
    >   on the bug list, or may otherwise behave strangely. You
    >   can now fix this using sanitycheck.cgi. (Bug 277454)
    >
    > + If sendmail dies while you are marking a bug
    >   as a duplicate, the duplicates table will no longer become
    >   corrupted. (Bug 225042)
    >
    > + Any user can change a flag on any bug. This also allows the
    >   attacker to expose the summary of any bug, even a hidden bug.
    >
    > + Summaries of private bugs are sometimes exposed under a very rare
    >   condition if you use MySQL replication.
    >
    > Version 2.18.3
    > --------------
    >
    > + The query.cgi page was broken in 2.18.2 by bug 300138.
    >   That is now fixed.


To generate a diff of this commit:
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/devel/bugzilla/Makefile
cvs rdiff -r1.3 -r1.3.2.1 pkgsrc/devel/bugzilla/PLIST
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/devel/bugzilla/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.