FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory.
Update your system with the appropriate patches or software upgrades.
The following package is affected: bugzilla CVE-2010-1204 in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a 'boolean chart search.' CVE-2010-0180 Install/ in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.