Date: Tue, 20 Dec 2005 20:52:18 +0000 (UTC) From: Edwin Groothuis <edwin@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/mediawiki Makefile distinfo Message-ID: <200512202052.jBKKqJA1034378@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
edwin 2005-12-20 20:52:18 UTC
FreeBSD ports repository
Modified files:
www/mediawiki Makefile distinfo
Log:
www/mediawiki update to 1.5.3 (security update)
Fixes a security issue: Validation of the user language
option was broken by a code change in May 2005, opening the
possibility of remote code execution as this parameter is
used in forming a class name dynamically created with eval().
The validation has been corrected in this version. All
prior 1.5 release and prelease versions are affected; 1.4
and earlier and not affected.
PR: ports/90335
Submitted by: Thomas Vogt <thomas@bsdunix.ch>
Approved by: maintainer timeout
Revision Changes Path
1.18 +1 -1 ports/www/mediawiki/Makefile
1.15 +3 -2 ports/www/mediawiki/distinfo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512202052.jBKKqJA1034378>