From cf01cf12992578c602c4f56264ee065b263fc621 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Thu, 24 Jul 2014 16:40:20 +0000
Subject: Bug 1042088 - Release notes for 4.2.10 r=glob

---
 template/en/default/pages/release-notes.html.tmpl | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'template/en')

diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index f06c7450e..1290ca97f 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -53,6 +53,12 @@
 
 <h2 id="v42_point">Updates in this 4.2.x Release</h2>
 
+<h3>4.2.10</h3>
+
+<p>This release fixes one security issue. See the
+  <a href="http://www.bugzilla.org/security/4.0.13/">Security Advisory</a>
+    for details.</p>
+
 <h3>4.2.9</h3>
 
 <p>This release fixes one regression introduced in [% terms.Bugzilla %] 4.2.8 by
-- 
cgit v1.2.3-24-g4f1b


From b07267acd0301aef84aa74fc4aea39481cea6ad5 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Mon, 6 Oct 2014 14:14:47 +0000
Subject: Bug 1072492: Release notes for 4.2.11 r=LpSolit,a=sgreen

---
 template/en/default/pages/release-notes.html.tmpl | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'template/en')

diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 1290ca97f..690d334ae 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -53,6 +53,12 @@
 
 <h2 id="v42_point">Updates in this 4.2.x Release</h2>
 
+<h3>4.2.11</h3>
+
+<p>This release fixes several security issues. See the
+  <a href="http://www.bugzilla.org/security/4.0.14/">Security Advisory</a>
+    for details.</p>
+
 <h3>4.2.10</h3>
 
 <p>This release fixes one security issue. See the
-- 
cgit v1.2.3-24-g4f1b


From ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Oct 2014 14:25:06 +0000
Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments
 r=dkl,a=sgreen

---
 template/en/default/filterexceptions.pl       | 1 -
 template/en/default/global/messages.html.tmpl | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 897ab148e..402862734 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -186,7 +186,6 @@
 ],
 
 'global/messages.html.tmpl' => [
-  'message_tag', 
   'series.frequency * 2',
 ],
 
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 2567d4a7a..6cc15ccd8 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -941,7 +941,7 @@
 [% IF !message %]
   [% message = BLOCK %]
     You are using [% terms.Bugzilla %]'s messaging functions incorrectly. You
-    passed in the string '[% message_tag %]'. The correct use is to pass
+    passed in the string '[% message_tag FILTER html %]'. The correct use is to pass
     in a tag, and define that tag in the file messages.html.tmpl.<br>
     <br>
     If you are a [% terms.Bugzilla %] end-user seeing this message, please
-- 
cgit v1.2.3-24-g4f1b


From 976dc12e4ed769bc02ffeb2be03bb1720e885135 Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Mon, 6 Oct 2014 14:42:40 +0000
Subject: Bug 1064140: [SECURITY] Private comments can be shown to flagmail
 recipients who aren't in the insider group r=glob,a=glob

---
 template/en/default/request/email.txt.tmpl | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index 65946a1e1..54bed2e25 100644
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -80,11 +80,14 @@ Attachment [% attidsummary %]
 
 [%- FILTER bullet = wrap(80) %]
 
-[% USE Bugzilla %]
-[%-# .defined is necessary to avoid a taint issue in Perl < 5.10.1, see bug 509794. %]
-[% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
-------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
+[% FOREACH comment = new_comments %]
+
+[%- IF comment.count %]
+--- Comment #[% comment.count %] from [% comment.author.identity %] ---
+[% ELSE %]
+--- Description ---
+[% END %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
 [% END %]
 
 [%- END %]
-- 
cgit v1.2.3-24-g4f1b


From 0ec036b02e033a63deacd9a7ca8af7c77394c45f Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Mon, 6 Oct 2014 15:01:03 +0000
Subject: Bug 1054702: CSV export vulnerable to formulae injection
 r=glob,a=glob

---
 template/en/default/reports/report-table.csv.tmpl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/reports/report-table.csv.tmpl b/template/en/default/reports/report-table.csv.tmpl
index 4d8b50a85..c978cf981 100644
--- a/template/en/default/reports/report-table.csv.tmpl
+++ b/template/en/default/reports/report-table.csv.tmpl
@@ -39,11 +39,13 @@
   [% END %]
   [% tbl_field_disp FILTER csv %]: [% tbl_disp FILTER csv %]
 [% END %]
-[% IF row_field %]
+[% IF row_field && col_field %]
+  [% row_field_disp _ ' / ' _ col_field_disp FILTER csv %]
+[% ELSIF row_field %]
   [% row_field_disp FILTER csv %]
+[% ELSE %]
+  [% col_field_disp FILTER csv %]
 [% END %]
-[% " / " IF col_field AND row_field %]
-[% col_field_disp FILTER csv %]
 [% IF col_field -%]
   [% FOREACH col = col_names -%]
     [% colsepchar %]
-- 
cgit v1.2.3-24-g4f1b