From owner-cvs-all@FreeBSD.ORG  Wed Feb 11 10:33:35 2009
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2FDAD10657D4;
	Wed, 11 Feb 2009 10:33:35 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 1F2538FC1B;
	Wed, 11 Feb 2009 10:33:35 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n1BAXZt9097588;
	Wed, 11 Feb 2009 10:33:35 GMT
	(envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n1BAXYPG097587;
	Wed, 11 Feb 2009 10:33:34 GMT (envelope-from miwi)
Message-Id: <200902111033.n1BAXYPG097587@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Wed, 11 Feb 2009 10:33:34 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/www/typo3 Makefile distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2009 10:33:36 -0000

miwi        2009-02-11 10:33:34 UTC

  FreeBSD ports repository

  Modified files:
    www/typo3            Makefile distinfo 
  Log:
  - Update to 4.2.6
  
  Security update:
  An Information Disclosure vulnerability in jumpUrl mechanism,
  used to track access on web pages and provided files, allows
  a remote attacker to read arbitrary files on a host.
  
  The expected value of a mandatory hash secret, intended to
  invalidate such requests, is exposed to remote users allowing
  them to bypass access control by providing the correct value.
  
  There's no authentication required to exploit this vulnerability.
  The vulnerability allows to read any file, the web server user account
  has access to.
  
  With hat:       secteam
  Security:       http://www.vuxml.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html
  
  Revision  Changes    Path
  1.25      +1 -2      ports/www/typo3/Makefile
  1.17      +6 -6      ports/www/typo3/distinfo