Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 29 Jul 2008 08:16:52 +0200 (CEST)
From:      Hans Fredrik Nordhaug <hans@nordhaug.priv.no>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/126065: [MAINTAINER] www/pivot-weblog: update to 1.40.6
Message-ID:  <20080729061652.ADCEE40F3@nordhaug.priv.no>
Resent-Message-ID: <200807290640.m6T6e1Mt094963@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         126065
>Category:       ports
>Synopsis:       [MAINTAINER] www/pivot-weblog: update to 1.40.6
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 29 06:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Hans Fredrik Nordhaug
>Release:        FreeBSD 6.3-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD nordhaug.priv.no 6.3-RELEASE-p3 
>Description:
- Update to 1.40.6

This is a security update fixing CVE-2008-3128 - a directory traversal vulnerability in all prior Pivot 
1.40.x releases that for examples allows an attacker to read the usernames and password hashes of the
Pivot installation.

It also contains other various fixes and improvements, but no new features.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- pivot-weblog-1.40.6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/Makefile /usr/ports/www/pivot-weblog.new/Makefile
--- /usr/ports/www/pivot-weblog/Makefile	2008-04-25 17:14:41.000000000 +0200
+++ /usr/ports/www/pivot-weblog.new/Makefile	2008-07-16 18:39:53.000000000 +0200
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	pivot-weblog
-PORTVERSION=	1.40.5
+PORTVERSION=	1.40.6
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
-DISTNAME=	pivot_1405_full
+DISTNAME=	pivot_1406_full
 
 MAINTAINER=	hans@nordhaug.priv.no
 COMMENT=	A web-based tool to help you maintain weblogs (or other dynamic sites)
diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/distinfo /usr/ports/www/pivot-weblog.new/distinfo
--- /usr/ports/www/pivot-weblog/distinfo	2008-04-25 17:14:41.000000000 +0200
+++ /usr/ports/www/pivot-weblog.new/distinfo	2008-07-29 08:07:01.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (pivot_1405_full.zip) = 2a403301adfd5c08a53235d19db25897
-SHA256 (pivot_1405_full.zip) = 010043940c69b153796fdadbbed847a5bcf4246419d1b2de9edf9dddd8887346
-SIZE (pivot_1405_full.zip) = 2223749
+MD5 (pivot_1406_full.zip) = 126d19b9f1e76c40c372609ef0d6f08d
+SHA256 (pivot_1406_full.zip) = 57007d0f81e695cb19510a11a07e8a3436ff319e927119d703f11ad49f0990a1
+SIZE (pivot_1406_full.zip) = 2224093
--- pivot-weblog-1.40.6.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080729061652.ADCEE40F3>