• update bugzilla ports to 5.0.1 / 4.4.10

o Users whose login name is not an email address could not log in on

installations which use LDAP to authenticate users.

o If a mandatory custom field was hidden, it was not possible to create a

new bug or to edit existing ones.

o A user editing his login name to point to a non-existent email address

could cause Bugzilla to stop working, causing a denial of service.

o Emails generated during a transaction made PostgreSQL stop working.
o Bugs containing a comment with a reference to a bug ID larger than 2^31

could not be displayed anymore using PostgreSQL.

o Emails sent by Bugzilla are now correctly encoded as UTF-8.
o The date picker in the "Time Summary" page was broken.
o If Test::Taint or any other Perl module required to use the JSON-RPC API

was not installed or was too old, the UI to tag comments was displayed
anyway, you could tag comments, but tags were not persistent (they were
lost on page reload). Now the UI to tag comments is not displayed at all
until the missing Perl modules are installed and up-to-date.

o Custom fields of type INTEGER now accept negative integers.

MFH: 2015Q3
Security: CVE-2015-4499
Security: ea893f06-5a92-11e5-98c0-20cf30e32f6d