From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Jul 29 06:40:02 2008
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 855841065674
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 29 Jul 2008 06:40:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 6D57B8FC1D
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 29 Jul 2008 06:40:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m6T6e1i9094964
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Tue, 29 Jul 2008 06:40:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m6T6e1Mt094963;
	Tue, 29 Jul 2008 06:40:01 GMT (envelope-from gnats)
Resent-Date: Tue, 29 Jul 2008 06:40:01 GMT
Resent-Message-Id: <200807290640.m6T6e1Mt094963@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Hans Fredrik Nordhaug <hans@nordhaug.priv.no>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 677AD1065672
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 29 Jul 2008 06:33:54 +0000 (UTC)
	(envelope-from root@nordhaug.priv.no)
Received: from nordhaug.priv.no (adsl-hfn.adsl.hiMolde.no [158.38.165.28])
	by mx1.freebsd.org (Postfix) with ESMTP id 284428FC1B
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 29 Jul 2008 06:33:54 +0000 (UTC)
	(envelope-from root@nordhaug.priv.no)
Received: from localhost (localhost [127.0.0.1])
	by nordhaug.priv.no (Postfix) with ESMTP id B115D40FE
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 29 Jul 2008 08:17:32 +0200 (CEST)
Received: from nordhaug.priv.no ([127.0.0.1])
	by localhost (nordhaug.priv.no [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id O6VXoHUrrQOf for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 29 Jul 2008 08:16:52 +0200 (CEST)
Received: by nordhaug.priv.no (Postfix, from userid 0)
	id ADCEE40F3; Tue, 29 Jul 2008 08:16:52 +0200 (CEST)
Message-Id: <20080729061652.ADCEE40F3@nordhaug.priv.no>
Date: Tue, 29 Jul 2008 08:16:52 +0200 (CEST)
From: Hans Fredrik Nordhaug <hans@nordhaug.priv.no>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/126065: [MAINTAINER] www/pivot-weblog: update to 1.40.6
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2008 06:40:02 -0000


>Number:         126065
>Category:       ports
>Synopsis:       [MAINTAINER] www/pivot-weblog: update to 1.40.6
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 29 06:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Hans Fredrik Nordhaug
>Release:        FreeBSD 6.3-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD nordhaug.priv.no 6.3-RELEASE-p3 
>Description:
- Update to 1.40.6

This is a security update fixing CVE-2008-3128 - a directory traversal vulnerability in all prior Pivot 
1.40.x releases that for examples allows an attacker to read the usernames and password hashes of the
Pivot installation.

It also contains other various fixes and improvements, but no new features.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- pivot-weblog-1.40.6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/Makefile /usr/ports/www/pivot-weblog.new/Makefile
--- /usr/ports/www/pivot-weblog/Makefile	2008-04-25 17:14:41.000000000 +0200
+++ /usr/ports/www/pivot-weblog.new/Makefile	2008-07-16 18:39:53.000000000 +0200
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	pivot-weblog
-PORTVERSION=	1.40.5
+PORTVERSION=	1.40.6
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
-DISTNAME=	pivot_1405_full
+DISTNAME=	pivot_1406_full
 
 MAINTAINER=	hans@nordhaug.priv.no
 COMMENT=	A web-based tool to help you maintain weblogs (or other dynamic sites)
diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/distinfo /usr/ports/www/pivot-weblog.new/distinfo
--- /usr/ports/www/pivot-weblog/distinfo	2008-04-25 17:14:41.000000000 +0200
+++ /usr/ports/www/pivot-weblog.new/distinfo	2008-07-29 08:07:01.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (pivot_1405_full.zip) = 2a403301adfd5c08a53235d19db25897
-SHA256 (pivot_1405_full.zip) = 010043940c69b153796fdadbbed847a5bcf4246419d1b2de9edf9dddd8887346
-SIZE (pivot_1405_full.zip) = 2223749
+MD5 (pivot_1406_full.zip) = 126d19b9f1e76c40c372609ef0d6f08d
+SHA256 (pivot_1406_full.zip) = 57007d0f81e695cb19510a11a07e8a3436ff319e927119d703f11ad49f0990a1
+SIZE (pivot_1406_full.zip) = 2224093
--- pivot-weblog-1.40.6.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted: