Change log for bugzilla package in Ubuntu
1 → 33 of 33 results | First • Previous • Next • Last |
Deleted in precise-release (Reason: (From Debian) RoST; open security issues, unmaintained; D...) |
Obsolete in oneiric-release |
Obsolete in natty-release |
bugzilla (3.6.3.0-2) unstable; urgency=medium * Support for noninteractive mode in Debconf. Closes: #602738 * Added missing package dependency against liburi-perl. Removed non exsiting package option libgd-noxpm-perl. * Urgency set to medium because previous version is not accepted for testing. * Parallel build for Makefiles is working now. * Surrpress error messages for non existing template directories if checksetup fails (in noninteractive mode). * Extensions are not installed by default. They exist as documentation. -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 22 Nov 2010 10:15:07 +0000
Available diffs
- diff from 3.6.3.0-1 to 3.6.3.0-2 (3.1 KiB)
bugzilla (3.6.3.0-1) unstable; urgency=medium * New upstream release. Closes: #602420 * Fixed vulnerability CVE-2010-3172: By inserting a certain string into a URL, it was possible to inject both headers and content to any browser that supported "Server Push" (mostly only Gecko-based browsers like Firefox). This could lead to Cross-Site Scripting vulnerabilities, and possibly other more dangerous security issues as well. * Fixed vulnerability CVE-2010-3764: The Old Charts system generated graphs with predictable names into the "graphs/" directory, which also could be browsed to see its contents. This allowed unauthorized users to see product names and charted information about those products over time. * Fixed references to YUI components used by language templates. * Fixed missing images. * Surrpress error messages at installation stage. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 16 Nov 2010 10:05:41 +0000
Available diffs
- diff from 3.6.2.0-4 to 3.6.3.0-1 (6.0 MiB)
bugzilla (3.6.2.0-4) unstable; urgency=low * Upgrade from Lenny to Squeeze fixed. Closes: #600170 * Password may contain special charactres. Closes: #594583 * Suppress cron messages for non existing directories. Closes: #595489 * Suppress Germzilla (German translation) version warning. * [Debconf translation updates] - Vietnamese (Clytie Siddall) Closes: #598479 -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 28 Oct 2010 11:46:40 +0000
Available diffs
- diff from 3.6.2.0-3 to 3.6.2.0-4 (5.9 KiB)
bugzilla (3.6.2.0-3) unstable; urgency=low * [Debconf translation updates] - Spanish (Francisco Javier Cuadrado). Closes: #594766, #595230 - German (Helge Kreutzmann). Closes: #595186 - French (Christian Perrier). Closes: #594929 - Russian (Yuri Kozlov). Closes: #595261 - Czeck (Michal Simunek). Closes: #595277 - Swedish (Martin Bagge). Closes: #595350 - Italian (Vincenzo Campanella). - Danish (Joe Dalton). Closes: #595383 - Basque (Iñaki Larrañaga Murgoitio). - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #596436 - Portuguese (Miguel Figueiredo). Closes: #596279
Available diffs
- diff from 3.6.2.0-1 to 3.6.2.0-3 (25.2 KiB)
bugzilla (3.6.2.0-1) unstable; urgency=low * New upstream release. Closes: #592212 * Increased Standards-Version to 3.9.1; no changes. * Due to tons of bug reports with missconfigured database server environment I've disabled the DB check at installation time ($db_check=0) and added more code to handle database connect errors at installation/configuration time. LP: #584827, #546954, #584819 * Bugzilla will be disabled if configuration/installation failes. Closes: #557357 * [Debconf translation updates] - Czech (Slavko). Closes: #591943 - Swedish (Martin Bagge). Closes: #592036 - Portuguese. Closes: #592160 -- Micah Gersten <email address hidden> Sun, 08 Aug 2010 15:38:06 +0200
Available diffs
- diff from 3.6.1.0-0.1 to 3.6.2.0-1 (946.6 KiB)
Superseded in maverick-release |
bugzilla (3.6.1.0-0.1) experimental; urgency=low * New upstream release. -- Micah Gersten <email address hidden> Sun, 18 Jul 2010 22:33:21 +0200
Available diffs
- diff from 3.4.7.0-3 to 3.6.1.0-0.1 (7.1 MiB)
bugzilla (3.4.7.0-3) unstable; urgency=low * Fixed permissions on /usr/share/perl5/Bugzilla for old installations. Closes: #571107 * Fixed access rights for /etc/bugzilla3/localconfig. Closes: #571107 * Using database administrator account to run sanitycheck.pl from daily cron job; maintainer field is not used anymore. Closes: #560140 * [Debconf translation updates] - Czech (Jan Outrata). Closes: #590084 - Japanese (Hideki Yamane). Closes: #590228 - Portuguese (Miguel Figueiredo). Closes: #590187
Available diffs
- diff from 3.4.7.0-1 to 3.4.7.0-3 (10.2 KiB)
bugzilla (3.4.7.0-1) unstable; urgency=medium * New upstream release. Closes: #544367 LP: #415451 * Security fixes CVE-2010-1204 CVE-2010-0180; set urgency to medium. Closes: #587663 * Fixed typo. Closes: #568110, #576350 * Fixed translations. Closes: #561518, #561517 * Increased Standards-Version to 3.9.0; no changes. * Switch to dpkg-source 3.0 (quilt) format. -- Artur Rona <email address hidden> Tue, 13 Jul 2010 14:56:34 +0200
Available diffs
- diff from 3.2.5.1-3 to 3.4.7.0-1 (7.1 MiB)
bugzilla (3.2.5.1-3) unstable; urgency=low * Syntax and spelling corrections to the README.Debian file. Closes: #568110 * Typo on bugzilla3.templates and update of translations. Closes: #576350, #561517 -- Ubuntu Archive Auto-Sync <email address hidden> Sun, 20 Jun 2010 02:59:38 +0100
Available diffs
- diff from 3.2.5.1-2 to 3.2.5.1-3 (6.6 KiB)
bugzilla (3.2.5.1-2) unstable; urgency=low * Fixed dash compatibility within ../bugzilla3/lib/checksetup.pl. Closes: #558238
Available diffs
- diff from 3.2.4.0-3ubuntu1 to 3.2.5.1-2 (1.4 MiB)
bugzilla (3.2.4.0-3ubuntu1) karmic; urgency=medium * Fix installable problem (LP: #414985): - Depend on libjs-yui, not yui. - Fix typo in Recommends on imagemagick. -- Artur Rona <email address hidden> Mon, 17 Aug 2009 21:47:47 +0200
Available diffs
- diff from 3.2.4.0-3 to 3.2.4.0-3ubuntu1 (816 bytes)
bugzilla (3.2.4.0-3) unstable; urgency=medium * Changed processing of Status/Resolution field changes. I hope this modification is less disturbing for 99% of typical installations. * Fixed ucf warning. Closes: #521855 * (Ubuntu) Fixed processing of manual checksetup.pl execution. LP: #398892, #394972, #394846, #367476, #301909, #317963, #313310 * (Ubuntu) Installation of outstanding packages is not supported. LP: #389962 * (Ubuntu) perl-modules=5.10.0-24 provides the CGI package of version 3.29 which is not enought to bugzilla. For Perl 5.10 version 3.33 of CGI package is required. LP: #386620 * (Ubuntu) Added cvs and imagepagick to Recommends. LP: #386598 * (Ubuntu) Applied example from Rolf Leggewie for vh-basic.conf. LP: #386608 * (Ubuntu) Restart of apache2 added. LP: #300566 * (Ubuntu) Processing of templates fixed by pre-checksetup.d script. LP: #302192 * (Ubuntu) The sym-link /usr/share/bugzilla3/web/data -> /var/lib/bugzilla3/data is valid. LP: #386592 * (Ubuntu) Sendmail support is fixed upstream. LP: #281379 * (Ubuntu) Change file permissions for skins after checksetup.pl call. LP: #314123 * (Ubuntu) Fixed file permissions in /etc/bugzilla3. LP: #386604
Available diffs
- diff from 3.2.0.1-1 to 3.2.4.0-3 (5.4 MiB)
bugzilla (3.2.0.1-1) unstable; urgency=low * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Closes: #507533 * [Debconf translation updates] - German. Closes: #507594 - Swedish. Closes: #506601 - Japanese. Closes: #507773 - Portuguese. Closes: #507813, #508317 - French. Closes: #508164 - Russian. Closes: #508290 - Italian. Closes: #508530 - Basque. Closes: #508892 * Fixed skin support. Closes: #509020 * checksetup.pl is now a wrapper shell script which run-parts /usr/share/bugzilla3/debian/{pre,post}-checksetup.d directories. Scripts in those directories take care about the configuration. The configuration variable webdotbase is preset to the right value. Closes: #494091 * If Status/Resolution filds were modified, checksetup.pl is *not* started but installation procedure is finished successful. The user have to restart dpkg-reconfigure bugzilla3 after modified checksetup_nondebian.pl. * If package is installed from scratch the /etc/apache2/conf.d/bugzilla3 is sym-linked to /usr/share/doc/bugzilla3/examples/basic.conf. Bugzilla works out of the box in this case. * Support for PostgreSQL is missing right now (see bug 511331) but it's possible right now to install this package without db-config support and do everthing manually. Closes: #507555 -- Iain Lane <email address hidden> Wed, 21 Jan 2009 11:38:57 +0000
Available diffs
- diff from 3.2.0.0~rc2-1 to 3.2.0.1-1 (4.4 MiB)
bugzilla (3.0.4.1-2ubuntu1.1) intrepid-security; urgency=low * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.(LP: #281915) - debian/maintenance/33_CVE-2008-4437.sh: upstream patch with regex to remove any leading path data from the filename. - CVE-2008-4437 -- Stefan Lesicnik <email address hidden> Mon, 13 Oct 2008 11:52:24 +0200
Available diffs
bugzilla (2.22.1-2.2ubuntu1.8.04.1) hardy-security; urgency=low * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.(LP: #281915) - debian/patches/CVE-2008-4437.dpatch: upstream patch with regex to remove any leading path data from the filename. - CVE-2008-4437 -- Stefan Lesicnik <email address hidden> Sat, 11 Oct 2008 21:56:21 +0200
Available diffs
bugzilla (2.22.1-2.2ubuntu1.7.10.1) gutsy-security; urgency=low * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.(LP: #281915) - debian/patches/CVE-2008-4437.dpatch: upstream patch with regex to remove any leading path data from the filename. - CVE-2008-4437 -- Stefan Lesicnik <email address hidden> Sat, 11 Oct 2008 21:56:21 +0200
Available diffs
Superseded in jaunty-release |
bugzilla (3.2.0.0~rc2-1) unstable; urgency=low * Update to new release.
Available diffs
bugzilla (3.0.4.1-2ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - added Homepage field. -- Emanuele Gentili <email address hidden> Thu, 14 Aug 2008 20:43:29 +0200
Available diffs
Superseded in intrepid-release |
bugzilla (3.0.4.1-1ubuntu1) intrepid; urgency=low * debian/control: + added Homepage field. -- Emanuele Gentili <email address hidden> Tue, 12 Aug 2008 17:47:15 +0200
Available diffs
- diff from 3.0.4.1-1 to 3.0.4.1-1ubuntu1 (656 bytes)
bugzilla (3.0.4.1-1) unstable; urgency=low * Update of French, Russian and German translations. (closes: #488251) * Added Bulgarian and Belarusian translations.
Available diffs
- diff from 3.0.4-0ubuntu1 to 3.0.4.1-1 (5.9 MiB)
Superseded in intrepid-release |
bugzilla (3.0.4-0ubuntu1) intrepid; urgency=low * New upstream release (LP: #138886, #235701). * Removed "CVS" directories and ".cvsignore" files from upstream tarball. * Added patches/ubuntu_01_bugzilla_libpath.dpatch - newly updated as necessary version of old 01_libpath.dpatch patch. * Added patches/01_debian_package_version.dpatch - replaces old patch 01_VERSION.dpatch, simply changes the version of Bugzilla to show the Debian packaging's versioning. * Added patches/ubuntu_05_makefile_install.dpatch - Use a Makefile to install Bugzilla to the correct locations. Based on Makefile in old package but in patch form. * Removed 02_checksetup.dpatch - fixed upstream. * Removed 101_Config.diff - upstream has changed codebase. * Renamed 06_contrib.dpatch to ubuntu_02_contrib_shebang_fixes.dpatch - corrects 'shebangs' which point to /usr/local/bin/ to /usr/bin/. * Renamed 08_showdependencygraph.dpatch to ubuntu_03_showdependencygraph_url_fixes.dpatch and updated code as necessary - fixes graph URL to make the webdot generation possible. * Removed CVE-2007-0791.dpatch - applied to upstream code. * Removed CVE-2007-4543.dpatch - applied to upstream code. * Renamed 09_homelink.dpatch to ubuntu_04_fixed_homepage_linked.dpatch - upstream now has links in 'template/en/default/global/common-links.html.tmpl' instead of 'useful-links.html.tmpl'. * Removed 03_webpath.dpatch - upstream has changed stylesheet layout. * Updated 10_perl_scripts_shebang.dpatch and removed part on "globals.pl" - no longer in source. * Removed Debian vhost support patches (see docs/html/multiple-bz-dbs.html for how to run multiple Bugzilla instances): - Removed 04_Config.pm.dpatch - duplicate patch and unable to adapt it to new upstream code. - Removed 07_virtualhosting.dpatch - duplicate patch of 04_Config.pm.dpatch. - Removed 'debian/examples' - contained Apache VHost example setup files for Bugzilla. - Removed section about vhosts from README.Debian. * debian/rules: - Removed rules for "vhost conf dir", "examples" and "101_Config.diff" installation rules. - Removed part about bugzilla-fr package. - Remved part about "whine.pl" - now in Makefile. - Added rules to check the setup with upstream's "checksetup.pl" script. * debian/control: - Updated Standards-Version to 3.7.3. - Updated compatibity level and debhelper build dependency version to 6. - Added Homepage field to source package stanza. - Added part about seeing 'bugzilla' package for more info to 'bugzilla-docs'. - Added libapache2-mod-perl2, libtemplate-perl, libmime-perl, libappconfig-perl, libdbd-mysql-perl, libtimedate-perl, libgd-gd2-perl, libgd-text-perl, libxml-twig-perl, perlmagick, libemail-send-perl, libemail-mime-modifier-perl, libchart-perl, libgd-graph-perl, libhtml-scrubber-perl, libdbi-perl, libfile-spec-perl, libgd-graph-perl, libgd-text-perl, libnet-ldap-perl, libxml-parser-perl: to build dependencies with the necessary versions as stated by upstream in docs/html/installation.html - in order to check packaging correctly with 'checksetup.pl' in rules. Also updated the 'bugzilla' dependencies with the above (LP: #235461). - Removed dependencies on old "apache" packages as they are no longer in the archives. - Moved mail transport agents on 'bugzilla' from Depends to Suggests (LP: #156405). * debian/copyright: Updated the downloaded from link. * debian/bugzilla.docs: Added "QUICKSTART", "rel_notes.txt" and "UPGRADING" documentation from source tarball for inclusion in package. * debian/bugzilla-doc.doc-base: Corrected some spelling mistakes. * debian/bugzilla.postinst: Removed sections about 101_Config.diff. * Changed 'X_BUGZILLA_SITE' in bugzilla.cron.daily and bugzilla.postinst to 'PROJECT'. -- Jonathan Patrick Davies <email address hidden> Thu, 29 May 2008 17:20:32 +0200
Available diffs
bugzilla (2.22.1-2.2ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: - debian/rules: Install whine.pl in /usr/share/bugzilla/lib. - debian/control: Update maintainer field.
Superseded in gutsy-release |
bugzilla (2.22.1-2.1ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: - debian/rules: Install whine.pl in /usr/share/bugzilla/lib - Upate maintainer field in debian/control.
Superseded in gutsy-release |
bugzilla (2.22.1-2ubuntu1) gutsy; urgency=low * debian/rules: install whine.pl in /usr/share/bugzilla/lib * Closes (LP#: 65682) -- Barry deFreese <email address hidden> Sat, 11 Aug 2007 23:44:06 -0400
bugzilla (2.22.1-2) unstable; urgency=high * Depends on mysql-client as we provide mysql support with dbconfig-common. (closes: #398621) * Urgency set to high to fix the etch RC bug. * Updated the Bugzilla version (debian minor) in Bugzilla/Config.pm. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 16 Nov 2006 17:01:41 +0000
bugzilla (2.22.1-1) unstable; urgency=high * New upstream release (2.22.1) fixes several security issues (hence the high priority) + CVE-2006-5455: Cross-site request forgery (CSRF) vulnerability in `editversions.cgi'. + CVE-2006-5454: Previous versions allow remote attackers to obtain the description of arbitrary attachments. + CVE-2006-5453: Multiple cross-site scripting (XSS) vulnerabilities. (bug #395094 now affects only sarge) * Depends on libtemplate-perl (>= 2.10) * Depends on libmailtools-perl (>= 1.67)
bugzilla (2.22-1) unstable; urgency=low * New upstream release (2.22). (closes: #365304) * Tempaltes moved to `/var/lib/bugzilla' instead of `/usr/share/bugzilla' which is more appropriate, and compliant with README.Debian. (closes: #368605) * Doesn't overwrite `/etc/bugzilla/localconfig' silently, uses ucf for replacing this file so the local administrator can check if he wants to update the DB access or not. It's then possible to upgrade from version prior to 2.22 with denying to use dbconfig-common. (closes: #366961)
bugzilla (2.20-1) unstable; urgency=low * New upstream release. (closes: #331242) * New dependency: libmailtools-perl for Mail/Mailer.pm * New dutch po-debconf translation (Thanks to Luk Claes). (closes: #328675) * New catalan po-debconf translation (Thanks to Miguel Gea Milvaques). (closes: #328930) * New spanish po-debconf translation (Thanks to César Gómez Martín). (closes: #333900) * New german po-debconf translation (Thanks to Jens Nachtigall). (closes: #326794) * Added debconf-2.0 dependency. (closes: #331769) -- Alexis Sukrieh <email address hidden> Sat, 15 Oct 2005 18:55:24 +0200
bugzilla (2.18.4-1) unstable; urgency=high * New upstream minor release + Fixed a security issue: It was possible to bypass the "user visibility groups" restrictions if user-matching was turned on in "substring" mode. + Fixed a security issue: config.cgi exposed information to users who weren't logged in, even when "requirelogin" was turned on in Bugzilla. (closes: #331206) -- Alexis Sukrieh <email address hidden> Mon, 3 Oct 2005 16:51:01 +0200
Obsolete in hoary-security |
bugzilla (2.16.7-0.2ubuntu0.1) hoary-security; urgency=high * SECURITY UPDATE: cross-site scripting (XSS) * CGI.pl: - Applied patch from upstream. * template/en/default/global/code-error.html.tmpl: - Applied patch from upstream. * References: CAN-2004-1061 -- Christian Bjälevik <email address hidden> Fri, 6 May 2005 09:56:00 +0200
Obsolete in hoary-release |
bugzilla (2.16.7-0.2) unstable; urgency=medium * NMU 0-days due to serious/important bug solving which prevents bugzilla entering testing. [ Alexis Sukrieh ] * Post-inst won't fail anymore when no MySQL server is available. Added an automatic way of setting up the MySQL server if /etc/mysql/debian.cnf exists, will read values from it then. (closes: #250638) * Using a MySQL user with '-' inside its name won't fail anymore. (closes unreported bug) * Better handling on DBI connection errors. When DBI complains about something, user is not confused anymore by ugly error messages. (closes: #154249) * Running checksetup.pl by hand won't break the Bugzilla's installation anymore. User can use it as he want without running dpkg-reconfigure. (closes: #200707) [ Francesco P. Lovergine ] * Now rules removes .cvsignore file which trashes /usr/share/bugzilla/template. * Added virtual package httpd to the list of web server. (closes: #213784) -- Francesco Paolo Lovergine <email address hidden> Tue, 7 Dec 2004 22:54:45 +0100
Obsolete in warty-security |
bugzilla (2.16.5-2ubuntu0.2) warty-security; urgency=high * SECURITY UPDATE: multiple vulnerabilities * CGI.pl, template/en/default/global/code-error.html.tmpl: - Substitute <, > and & with their HTML alternatives to prevent XSS. - CAN-2004-1061 * editgroups.cgi, editusers.cgi: - Rewrite of the SQL querys for grouphandling to prevent SQL injection. - CAN-2004-0707 * editgroups.cgi, editusers.cgi, editcomponents.cgi, editmilestones, editproducts.cgi, editversions.cgi: - Removed un-needed form value display code to fix an XSS vulnerability. - CAN-2004-0705 * buglist.cgi, duplicates.cgi: - Added a check to see if the user is priviledged to see a hidden product. This prevents an information leak that showed the user all products by visiting duplicates.cgi. Also the check was needed for buglist.cgi. - CAN-2004-0704 * References: http://www.bugzilla.org/security/2.16.5/ -- Christian Bjälevik <email address hidden> Thu, 14 Jun 2005 11:06:00 +0200
bugzilla (2.16.5-2) unstable; urgency=low * Duplicate table creation is now also fixed in bugzilla.postinst (closes: #224288) -- Rémi Perrot <email address hidden> Fri, 2 Apr 2004 01:13:32 +0200
1 → 33 of 33 results | First • Previous • Next • Last |