Date: Tue, 7 Jun 2005 10:39:24 GMT From: Francisco Alves Cabrita <include@npf.deec.uc.pt> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/81984: [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions Message-ID: <200506071039.j57AdOgo073005@www.freebsd.org> Resent-Message-ID: <200506071040.j57AeSaC082480@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 81984
>Category: ports
>Synopsis: [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 07 10:40:28 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Francisco Alves Cabrita
>Release: FreeBSD 5.4-RELEASE
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sat May 7 23:33:40 WEST 2005 fac@fac.e10.pt:/usr/obj/usr/src/sys/MOBILE i386
>Description:
Under various (and differing) circumstances, multiple vulnerabilities exist that allow an attacker to steal cookie information, initiatiate XSS and SQL injection attacks.
>How-To-Repeat:
>Fix:
Security Patch for All Mambo 4.5.x Versions
-- Makefile_SAFE Tue Jun 7 11:22:57 2005
+++ Makefile Tue Jun 7 11:25:17 2005
@@ -5,13 +5,15 @@
# $FreeBSD: ports/www/mambo/Makefile,v 1.2 2005/05/29 09:07:41 thierry Exp $
PORTNAME= mambo
-PORTVERSION= 4.5.2.1
+PORTVERSION= 4.5.2.2
PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://mamboforge.net/frs/download.php/4004/:source1 \
- http://mamboforge.net/frs/download.php/4043/:source2
+ http://mamboforge.net/frs/download.php/4043/:source2 \
+ http://mamboforge.net/frs/download.php/5886/:source3
DISTFILES= ${MAMBO_SRC}:source1 \
- ${MAMBO_PATCH}:source2
+ ${MAMBO_PATCH1}:source2 \
+ ${MAMBO_PATCH2}:source3
MAINTAINER= include@npf.pt.freebsd.org
COMMENT= A dynamic web content management system (CMS)
@@ -31,12 +33,14 @@
DIST_SUBDIR= ${PORTNAME}
MAMBO_SRC= MamboV4.5.2-Stable.tar.gz
-MAMBO_PATCH= Patch_4.5.2_to_4.5.2.1.zip
+MAMBO_PATCH1= Patch_4.5.2_to_4.5.2.1.zip
+MAMBO_PATCH2= Patch_4.5.2_to_4.5.2.2.zip
do-extract:
@${MKDIR} ${WRKSRC}
@${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC}
- @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH} -d ${WRKSRC}
+ @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC}
+ @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC}
@${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty
do-install:
PS: I already received an e-mail from pointyhat (Kris Kennaway)alerting me to insert more redundant mirros, sorry but for now i only have time to submite this important update.
Thank in advance
Francisco aka include
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506071039.j57AdOgo073005>