Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Feb 2005 11:55:55 GMT
From:      Kang Liu <liukang@bjut.edu.cn>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/78189: [maintainer] update www/phpbb to 2.0.13 to fix privilege elevation and path disclosure
Message-ID:  <200502281155.j1SBtthP047014@www.freebsd.org>
Resent-Message-ID: <200502281200.j1SC0e1G023808@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         78189
>Category:       ports
>Synopsis:       [maintainer] update www/phpbb to 2.0.13 to fix privilege elevation and path disclosure
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 28 12:00:39 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Kang Liu
>Release:        5.3
>Organization:
Beijing University of Technology
>Environment:
FreeBSD 5.3-STABLE #0: Thu Jan  6 17:37:44 CST 2005
>Description:
The phpbb developer group announces there are 2 security problems in phpbb 2.0.12, privilege elevation and path disclosure. (VuXML ID: 53e711ed-8972-11d9-9ff8-00306e01dda2)
In my patch:
1. update www/phpbb to 2.0.13
2. use DATADIR in pkg-plist
>How-To-Repeat:
2. portlint
>Fix:
--- Makefile.orig	Wed Feb 23 15:00:51 2005
+++ Makefile	Mon Feb 28 19:30:32 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpbb
-PORTVERSION=	2.0.12
+PORTVERSION=	2.0.13
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
--- distinfo.orig	Wed Feb 23 15:00:51 2005
+++ distinfo	Mon Feb 28 19:30:39 2005
@@ -1,2 +1,2 @@
-MD5 (phpBB-2.0.12.tar.bz2) = 5b77c23c22147c5d9719922b2f64d8fa
-SIZE (phpBB-2.0.12.tar.bz2) = 436885
+MD5 (phpBB-2.0.13.tar.bz2) = a8a286d3855b969e1e8757464accf095
+SIZE (phpBB-2.0.13.tar.bz2) = 436886
--- pkg-plist.orig	Wed Feb 23 15:00:51 2005
+++ pkg-plist	Mon Feb 28 19:30:44 2005
@@ -6,14 +6,14 @@
 %%PORTDOCS%%%%DOCSDIR%%/README.html
 %%PORTDOCS%%%%DOCSDIR%%/coding-guidelines.txt
 %%PORTDOCS%%%%DOCSDIR%%/codingstandards.htm
-share/phpbb/contrib/README.html
-share/phpbb/contrib/dbinformer.php
-share/phpbb/contrib/fixfiles.sh
-share/phpbb/contrib/template_db_cache.php
-share/phpbb/contrib/template_file_cache.php
-share/phpbb/install.php
-share/phpbb/update_to_latest.php
-share/phpbb/upgrade.php
+%%DATADIR%%/contrib/README.html
+%%DATADIR%%/contrib/dbinformer.php
+%%DATADIR%%/contrib/fixfiles.sh
+%%DATADIR%%/contrib/template_db_cache.php
+%%DATADIR%%/contrib/template_file_cache.php
+%%DATADIR%%/install.php
+%%DATADIR%%/update_to_latest.php
+%%DATADIR%%/upgrade.php
 %%PHPBBDIR%%/admin/admin_board.php
 %%PHPBBDIR%%/admin/admin_db_utilities.php
 %%PHPBBDIR%%/admin/admin_disallow.php

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502281155.j1SBtthP047014>