Date: Tue, 7 Jun 2005 10:39:24 GMT From: Francisco Alves Cabrita <include@npf.deec.uc.pt> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/81984: [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions Message-ID: <200506071039.j57AdOgo073005@www.freebsd.org> Resent-Message-ID: <200506071040.j57AeSaC082480@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 81984 >Category: ports >Synopsis: [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jun 07 10:40:28 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Francisco Alves Cabrita >Release: FreeBSD 5.4-RELEASE >Organization: Núcleo Português de FreeBSD >Environment: FreeBSD fac.e10.pt 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sat May 7 23:33:40 WEST 2005 fac@fac.e10.pt:/usr/obj/usr/src/sys/MOBILE i386 >Description: Under various (and differing) circumstances, multiple vulnerabilities exist that allow an attacker to steal cookie information, initiatiate XSS and SQL injection attacks. >How-To-Repeat: >Fix: Security Patch for All Mambo 4.5.x Versions -- Makefile_SAFE Tue Jun 7 11:22:57 2005 +++ Makefile Tue Jun 7 11:25:17 2005 @@ -5,13 +5,15 @@ # $FreeBSD: ports/www/mambo/Makefile,v 1.2 2005/05/29 09:07:41 thierry Exp $ PORTNAME= mambo -PORTVERSION= 4.5.2.1 +PORTVERSION= 4.5.2.2 PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://mamboforge.net/frs/download.php/4004/:source1 \ - http://mamboforge.net/frs/download.php/4043/:source2 + http://mamboforge.net/frs/download.php/4043/:source2 \ + http://mamboforge.net/frs/download.php/5886/:source3 DISTFILES= ${MAMBO_SRC}:source1 \ - ${MAMBO_PATCH}:source2 + ${MAMBO_PATCH1}:source2 \ + ${MAMBO_PATCH2}:source3 MAINTAINER= include@npf.pt.freebsd.org COMMENT= A dynamic web content management system (CMS) @@ -31,12 +33,14 @@ DIST_SUBDIR= ${PORTNAME} MAMBO_SRC= MamboV4.5.2-Stable.tar.gz -MAMBO_PATCH= Patch_4.5.2_to_4.5.2.1.zip +MAMBO_PATCH1= Patch_4.5.2_to_4.5.2.1.zip +MAMBO_PATCH2= Patch_4.5.2_to_4.5.2.2.zip do-extract: @${MKDIR} ${WRKSRC} @${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC} - @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH} -d ${WRKSRC} + @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC} + @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC} @${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty do-install: PS: I already received an e-mail from pointyhat (Kris Kennaway)alerting me to insert more redundant mirros, sorry but for now i only have time to submite this important update. Thank in advance Francisco aka include >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506071039.j57AdOgo073005>