Commit message | Author | Age | Files | Lines
* Bump version number for 3.4.11. https://bugzilla.mozilla.org/show_bug.cgi?id=652474 (tags: release-3.4.11, bugzilla-3.4.11) | Max Kanat-Alexander | 2011-04-27 | 2 | -3/+3
* Bug 653275 - Release Notes for Bugzilla 3.4.11 r=LpSolit, a=LpSolit | Max Kanat-Alexander | 2011-04-27 | 1 | -0/+11
* Bug 646578: Remove the usage of Math::Random::Secure, as it is too difficult to install on older branches. r=LpSolit, a=mkanat | Max Kanat-Alexander | 2011-04-27 | 3 | -34/+11
* Bug 311392 - Typos and proper name of Red Hat's stuff author=Matt Selsky <selsky_at_columbia_dot_edu>, r=dkl, a=mkanat | Matt Selsky | 2011-03-22 | 2 | -10/+10
* Bug 586011 - Change references to 'DarwinPorts' to 'MacPorts' (proper project name) author=Matt Selsky <selsky_at_columbia_dot_edu>, r=dkl,a=mkanat | David Lawrence | 2011-03-18 | 1 | -3/+3
* Bug 633422: Fix the documentation for User.get's include_disabled parameter and make User.get check that its required parameters are passed. r=LpSolit, a=mkanat | Max Kanat-Alexander | 2011-02-13 | 1 | -0/+5
* Bump the version number post-release. | Max Kanat-Alexander | 2011-01-24 | 1 | -1/+1
* Bump version number for 3.4.10. (tags: release-3.4.10, bugzilla-3.4.10) | Max Kanat-Alexander | 2011-01-24 | 2 | -4/+4
* Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of generate_random_password, to protect against an account compromise issue and other critical vulnerabilities. r=LpSolit, a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=621591 | Max Kanat-Alexander | 2011-01-24 | 4 | -5/+76
* Bug 621105 - [SECURITY] Voting lacks CSRF protection r=mkanat,a=LpSolit | David Lawrence | 2011-01-24 | 3 | -0/+6
* Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit | Frédéric Buclin | 2011-01-24 | 3 | -8/+20
* Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due to use of |print "Location:"| instead of $cgi->redirect [r=mkanat a=LpSolit] | Reed Loden | 2011-01-24 | 1 | -3/+3
* Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection r=dkl a=LpSolit | Frédéric Buclin | 2011-01-24 | 2 | -2/+12
* Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection r=dkl a=LpSolit | Frédéric Buclin | 2011-01-24 | 3 | -3/+13
* Bug 627930 - Release Notes for Bugzilla 3.4.10 r=LpSolit | Max Kanat-Alexander | 2011-01-23 | 1 | -2/+10
* Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of CGI.pm to v3.51 in order to address header injection vulnerability. [r=mkanat a=mkanat] | Reed Loden | 2011-01-21 | 1 | -2/+2
* Bug 416784: In PostgreSQL 8.1 and newer, createuser takes the argument -R instead of -A r=manu a=LpSolit | Frédéric Buclin | 2010-11-27 | 1 | -3/+7
* Bug 591165: (CVE-2010-2761) [SECURITY] Add CGI.pm v3.50 as an optional module in order to address header injection vulnerability. [r=mkanat a=mkanat] | Reed Loden | 2010-11-10 | 1 | -0/+9
* Bump the version number post-release. | Max Kanat-Alexander | 2010-11-02 | 1 | -1/+1
* Bump version number for 3.4.9. https://bugzilla.mozilla.org/show_bug.cgi?id=604255 (tags: release-3.4.9, bugzilla-3.4.9) | Max Kanat-Alexander | 2010-11-02 | 2 | -3/+3
* Bug 600464: (CVE-2010-3172) [SECURITY] Content/Header injection due to non-random multipart/x-mixed-replace boundary r=mkanat a=LpSolit | Byron Jones | 2010-11-03 | 1 | -1/+2
* Bug 419014: (CVE-2010-3764) [SECURITY] Old charts are not project specific, and product names are viewable in graphs/ r=wurblzap a=LpSolit | Frédéric Buclin | 2010-11-03 | 6 | -79/+73
* Bug 608645: Release Notes for Bugzilla 3.4.9 r=LpSolit, a=LpSolit | Max Kanat-Alexander | 2010-10-31 | 1 | -0/+6
* Bug 589547: Wrong description for editing a flag r/a=LpSolit | A. Shimono (himorin) | 2010-09-19 | 1 | -2/+2
* Bug 589525: fix typo r/a=LpSolit | A. Shimono (himorin) | 2010-09-19 | 1 | -2/+1
* Bump version number post-release. | Max Kanat-Alexander | 2010-08-05 | 1 | -1/+1
* Bump the version number for 3.4.8. https://bugzilla.mozilla.org/show_bug.cgi?id=580206 (tags: release-3.4.8, bugzilla-3.4.8) | Max Kanat-Alexander | 2010-08-05 | 2 | -3/+3
* Bug 583690: (CVE-2010-2759) [SECURITY][PostgreSQL] Bugzilla crashes when viewing a bug if a comment contains 'bug <num>' or 'attachment <num>' where <num> is greater than the max allowed integer r=mkanat a=LpSolit | Frédéric Buclin | 2010-08-05 | 3 | -2/+10
* Bug 577139: (CVE-2010-2758) [SECURITY] request.cgi and duplicates.cgi let you know whether a product exists or not r=mkanat a=LpSolit | Frédéric Buclin | 2010-08-04 | 3 | -10/+23
* Bug 450013: (CVE-2010-2757) [SECURITY] Can sudo a user without sending email r=glob a=LpSolit | Frédéric Buclin | 2010-08-04 | 4 | -19/+57
* Bug 417048: (CVE-2010-2756) [SECURITY] Boolean charts let me query for users being in any given group r=mkanat a=LpSolit | Frédéric Buclin | 2010-08-04 | 1 | -2/+4
* Bug 584428: Release Notes for Bugzilla 3.4.8 r=LpSolit | Max Kanat-Alexander | 2010-08-04 | 1 | -0/+10
* Bug 455585: Installation docs should recommend using package management instead of CPAN r=glob | Frédéric Buclin | 2010-07-15 | 1 | -5/+10
* Bug 193193: Better explain what the checkboxes in Edit Users-Group Access/Privileges are for r=glob | Frédéric Buclin | 2010-07-15 | 1 | -1/+4
* Bug 472452: Rephrase documentation about deleting custom fields r=glob | Frédéric Buclin | 2010-07-15 | 1 | -4/+7
* Bug 536183: Docs claim bug lifecycle is "hard-coded" despite that's no longer true r=gerv a=mkanat | Frédéric Buclin | 2010-07-14 | 1 | -4/+6
* Bug 577851: config.cgi crashes in 3.4.7, due to Bugzilla::Product::preload (backout of bug 553255) r/a=mkanat | Frédéric Buclin | 2010-07-14 | 1 | -3/+0
* Bug 236651: Remove obsolete instructions from the "2.1.5 Perl Modules" section r=reed | Frédéric Buclin | 2010-07-13 | 1 | -124/+10
* Bump version number post-release | Max Kanat-Alexander | 2010-06-24 | 1 | -1/+1
* Bump the version number for 3.4.7. https://bugzilla.mozilla.org/show_bug.cgi?id=559988 (tags: release-3.4.7, bugzilla-3.4.7) | Max Kanat-Alexander | 2010-06-24 | 2 | -3/+3
* Bug 309952: (CVE-2010-1204) [SECURITY] Protect boolean chart searches for time-tracking fields from being used by users who are not in the timetrackinggroup. r=LpSolit, a=mkanat | Max Kanat-Alexander | 2010-06-24 | 1 | -0/+8
* Bug 566198: Release Notes for Bugzilla 3.4.7 r=LpSolit, a=mkanat | Max Kanat-Alexander | 2010-06-21 | 1 | -0/+34
* Bug 284650: Beginning a chart name with an "_" (underscore) causes errors r=mkanat a=LpSolit | Frédéric Buclin | 2010-04-08 | 1 | -0/+3
* Bug 557686: PostgreSQL crashes when deleting a custom field of type Date/Time r=mkanat a=LpSolit | Frédéric Buclin | 2010-04-07 | 1 | -5/+1
* Bug 557495: PostgreSQL crashes when deleting a custom field of type BugID r/a=mkanat | Frédéric Buclin | 2010-04-07 | 1 | -2/+4
* Bug 515515: For clients, mid-air collision results when user's timezone preference differs from server's r/a=mkanat | Frank Becker | 2010-04-02 | 2 | -23/+75
* Bug 548327: Administration page should have hooks to extend the admin links r/a=mkanat | Tiago Mello | 2010-03-29 | 1 | -0/+4
* Bug 548975: Under trunk Firefox builds with Direct2D enabled on Windows, <dt> tags were overly bold r=mkanat, a=mkanat | Guy Pyrzak | 2010-03-28 | 1 | -1/+1
* Bug 549814 - "Internal error when using login fields in header/footer after visiting token.cgi URL" [r=mkanat a=mkanat] | Reed Loden | 2010-03-28 | 1 | -1/+1
* Bug 533927 - "email address domain filtering is applying to non-email fields in the history" [r=LpSolit a=LpSolit] | Reed Loden | 2010-03-27 | 1 | -40/+32