Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
213,812 Commits 3,986 Branches 0 Tags
Commit Graph

2081 Commits

Author SHA1 Message Date
mkanat%bugzilla.org
e86a5d6b73 Bump version to 3.6.10 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@264074 18797224-902f-48f8-a5cc-f745e15eee43
 2012-07-26 21:30:39 +00:00
mkanat%bugzilla.org
6d13074b6a Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is still visible to unauthorized users when mentioned in a comment 
r=glob a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@264073 18797224-902f-48f8-a5cc-f745e15eee43
 2012-07-26 21:16:55 +00:00
mkanat%bugzilla.org
309bf3cd85 Bug 776103 - Syntax error in Bugzilla::User::Setting API doc 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@264065 18797224-902f-48f8-a5cc-f745e15eee43
 2012-07-25 21:46:57 +00:00
mkanat%bugzilla.org
c0ffaa3dc3 Bumping the version post-release 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263718 18797224-902f-48f8-a5cc-f745e15eee43
 2012-04-18 22:33:02 +00:00
mkanat%bugzilla.org
5862edbca2 Bump version to 3.6.9 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263715 18797224-902f-48f8-a5cc-f745e15eee43
 2012-04-18 18:02:59 +00:00
mkanat%bugzilla.org
c1c0a4c1cb Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by altering the X-FORWARDED-FOR header 
r=glob a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263711 18797224-902f-48f8-a5cc-f745e15eee43
 2012-04-18 17:06:52 +00:00
mkanat%bugzilla.org
9b29417520 Bug 746547: SMALLSERIAL is of type INT2, not INT1 
r=timello a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263709 18797224-902f-48f8-a5cc-f745e15eee43
 2012-04-18 15:04:18 +00:00
mkanat%bugzilla.org
674f412e5a Bug 727240: The POD for Bug.attachments is wrong about the format of the returned data 
r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263407 18797224-902f-48f8-a5cc-f745e15eee43
 2012-02-14 22:24:30 +00:00
mkanat%bugzilla.org
c96e22999f Bump the version number post-release 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263354 18797224-902f-48f8-a5cc-f745e15eee43
 2012-02-01 00:04:54 +00:00
mkanat%bugzilla.org
d02663492b Bumped to version 3.6.8 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263349 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-31 17:01:35 +00:00
mkanat%bugzilla.org
cb38f60950 Bug 718319: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required) 
r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263342 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-31 16:19:08 +00:00
mkanat%bugzilla.org
4ca780e6c7 Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident 
r=glob a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263340 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-31 16:08:48 +00:00
mkanat%bugzilla.org
a92a44053c Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due to non-backward compatibility 
r=dkl r=mkanat a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263226 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-05 01:02:37 +00:00
mkanat%bugzilla.org
d4f4860b94 Bump the version number post-release 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263216 18797224-902f-48f8-a5cc-f745e15eee43
 2011-12-29 18:03:54 +00:00
mkanat%bugzilla.org
7479c3d169 Bump version for 3.6.7 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263209 18797224-902f-48f8-a5cc-f745e15eee43
 2011-12-28 23:17:36 +00:00
mkanat%bugzilla.org
756f0c559e Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account 
r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263205 18797224-902f-48f8-a5cc-f745e15eee43
 2011-12-28 22:21:31 +00:00
mkanat%bugzilla.org
54bf1614e5 Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode 
r=gerv, a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263202 18797224-902f-48f8-a5cc-f745e15eee43
 2011-12-28 22:03:37 +00:00
mkanat%bugzilla.org
34eb69f55e Bug 692354: Incorrect parameter type in WebServices documentation for Bug.add_comment 
r/a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263135 18797224-902f-48f8-a5cc-f745e15eee43
 2011-12-05 21:35:28 +00:00
mkanat%bugzilla.org
9a9e9ee3cf Bug 707594: Fix broken account lockout notifications 
r=LpSolit, a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263130 18797224-902f-48f8-a5cc-f745e15eee43
 2011-12-05 16:48:52 +00:00
mkanat%bugzilla.org
4d19b12121 Bug 531257: Wrong error codes in WebServices documentation 
r=gerv a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@263076 18797224-902f-48f8-a5cc-f745e15eee43
 2011-11-16 17:02:28 +00:00
mkanat%bugzilla.org
16f2744e63 Bug 691243: Fix typo 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262987 18797224-902f-48f8-a5cc-f745e15eee43
 2011-10-15 13:35:13 +00:00
mkanat%bugzilla.org
e0f7f71b31 Bump the version number post-release. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262610 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-06 00:19:39 +00:00
mkanat%bugzilla.org
997061796a Bump version number for 3.6.6. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262593 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-05 00:18:47 +00:00
mkanat%bugzilla.org
9ed06e7b6e Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on this domain in IE 6-8 and Safari 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262585 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-04 20:49:57 +00:00
mkanat%bugzilla.org
79ac518c92 Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows 
r=glob a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262584 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-04 20:33:34 +00:00
mkanat%bugzilla.org
a4c8ab1653 Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug 
r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262583 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-04 20:20:54 +00:00
mkanat%bugzilla.org
91d4f8b7b2 Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt 
[r=glob a=LpSolit]


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262580 18797224-902f-48f8-a5cc-f745e15eee43
 2011-08-04 19:34:39 +00:00
mkanat%bugzilla.org
b77fa6e570 Bump the version number post-release. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262263 18797224-902f-48f8-a5cc-f745e15eee43
 2011-04-28 04:06:09 +00:00
mkanat%bugzilla.org
19fdf4332b Bump version number for 3.6.5. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262259 18797224-902f-48f8-a5cc-f745e15eee43
 2011-04-28 02:20:06 +00:00
mkanat%bugzilla.org
e4f4fed7d3 Bug 646578: Make Math::Random::Secure fail to install if its dependencies 
don't install properly, when using install-module.pl.
r=glob, a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@262244 18797224-902f-48f8-a5cc-f745e15eee43
 2011-04-27 22:22:46 +00:00
mkanat%bugzilla.org
aff8064de6 Bug 490322: Make "allwords" work with the keywords field, again. 
r=glob, a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261942 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-15 05:48:11 +00:00
mkanat%bugzilla.org
535075a875 Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST cookie, because colons are HTML-escaped, making the cookie bigger than the 4k limit 
r=mkanat a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261941 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-14 22:04:53 +00:00
mkanat%bugzilla.org
3eb5521896 Remove tabs and fix some formatting in Bugzilla::DB::Pg. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261940 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-14 20:36:14 +00:00
mkanat%bugzilla.org
e9009e86e3 Bug 633055: Make Bug.legal_values explicitly throw an error if you pass "undef" 
for the "field" parameter
r=dkl, a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261939 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-14 20:31:54 +00:00
mkanat%bugzilla.org
9f3d5702d4 Bug 616981: Make whine.pl work with PostgreSQL 8.4+ by fixing sql_string_until 
r=mkanat, a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261938 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-14 20:27:00 +00:00
mkanat%bugzilla.org
1874eef40e Bug 633422: Fix the documentation for User.get's include_disabled parameter 
and make User.get check that its required parameters are passed.
r=LpSolit, a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261932 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-14 07:51:04 +00:00
mkanat%bugzilla.org
bc19b49de9 Add missing documentation. r=mkanat. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261848 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-27 12:06:49 +00:00
mkanat%bugzilla.org
2835c33f35 Bump the version number post-release. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261828 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-25 02:06:03 +00:00
mkanat%bugzilla.org
0aa5df3a3e Bump the version number for 3.6.4. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261820 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-24 23:45:11 +00:00
mkanat%bugzilla.org
cc59d868e7 Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of 
generate_random_password, to protect against an account compromise issue
and other critical vulnerabilities.
r=LpSolit, a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261817 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-24 22:07:59 +00:00
mkanat%bugzilla.org
72a8e0036b Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace 
and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261813 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-24 18:53:58 +00:00
mkanat%bugzilla.org
3894d17d04 Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of CGI.pm to v3.51 in order to address header injection vulnerability. 
[r=mkanat a=mkanat]


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261784 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-21 21:22:55 +00:00
mkanat%bugzilla.org
383bca84ad Bug 588013: Fix typo 
r/a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261692 18797224-902f-48f8-a5cc-f745e15eee43
 2010-12-27 22:05:20 +00:00
mkanat%bugzilla.org
dae96dea7a Bug 611974: collectstats.pl --regenerate fails with PostgreSQL 8.4.x (sql_from_days() doesn't accept integers as argument) 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261564 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-14 19:23:27 +00:00
mkanat%bugzilla.org
1eea0565f5 Bug 611623: The alias is not filtered in QuickSearch when passed to show_bug.cgi 
r=glob a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261561 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-13 00:20:10 +00:00
mkanat%bugzilla.org
b382f2321b Bug 591165: (CVE-2010-2761) [SECURITY] Bump minimum required version of CGI.pm to v3.50 in order to address header injection vulnerability. 
[r=mkanat a=mkanat]


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261557 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-11 02:20:43 +00:00
mkanat%bugzilla.org
4502635fa9 Bug 611129: Quicksearch fails in 3.6.3 if List::MoreUtils is not installed 
r/a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261547 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-10 23:46:49 +00:00
mkanat%bugzilla.org
2324bbecc4 Bug 596611: Add a hook to email_in.pl 
r/a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261527 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-04 17:23:45 +00:00
mkanat%bugzilla.org
5c5dcff6b1 Bug 474766: The [details] string is duplicated when replying to a comment containing a link to an attachment 
r/a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261524 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-04 17:09:26 +00:00
mkanat%bugzilla.org
e2d2059f0b Bump the version number post-release. 
git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_6-BRANCH@261518 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-03 01:50:41 +00:00