FreeBSD Ports: bugzilla

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades. https://bugzilla.mozilla.org/show_bug.cgi?id=777398 https://bugzilla.mozilla.org/show_bug.cgi?id=777586 http://www.vuxml.org/freebsd/58253655-d82c-11e1-907c-20cf30e32f6d.html
Insight
The following package is affected: bugzilla CVE-2012-1968 Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. CVE-2012-1969 The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.