Date: Tue, 29 Jul 2008 08:16:52 +0200 (CEST) From: Hans Fredrik Nordhaug <hans@nordhaug.priv.no> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/126065: [MAINTAINER] www/pivot-weblog: update to 1.40.6 Message-ID: <20080729061652.ADCEE40F3@nordhaug.priv.no> Resent-Message-ID: <200807290640.m6T6e1Mt094963@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 126065 >Category: ports >Synopsis: [MAINTAINER] www/pivot-weblog: update to 1.40.6 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Jul 29 06:40:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Hans Fredrik Nordhaug >Release: FreeBSD 6.3-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD nordhaug.priv.no 6.3-RELEASE-p3 >Description: - Update to 1.40.6 This is a security update fixing CVE-2008-3128 - a directory traversal vulnerability in all prior Pivot 1.40.x releases that for examples allows an attacker to read the usernames and password hashes of the Pivot installation. It also contains other various fixes and improvements, but no new features. Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- pivot-weblog-1.40.6.patch begins here --- diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/Makefile /usr/ports/www/pivot-weblog.new/Makefile --- /usr/ports/www/pivot-weblog/Makefile 2008-04-25 17:14:41.000000000 +0200 +++ /usr/ports/www/pivot-weblog.new/Makefile 2008-07-16 18:39:53.000000000 +0200 @@ -6,11 +6,11 @@ # PORTNAME= pivot-weblog -PORTVERSION= 1.40.5 +PORTVERSION= 1.40.6 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} -DISTNAME= pivot_1405_full +DISTNAME= pivot_1406_full MAINTAINER= hans@nordhaug.priv.no COMMENT= A web-based tool to help you maintain weblogs (or other dynamic sites) diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/distinfo /usr/ports/www/pivot-weblog.new/distinfo --- /usr/ports/www/pivot-weblog/distinfo 2008-04-25 17:14:41.000000000 +0200 +++ /usr/ports/www/pivot-weblog.new/distinfo 2008-07-29 08:07:01.000000000 +0200 @@ -1,3 +1,3 @@ -MD5 (pivot_1405_full.zip) = 2a403301adfd5c08a53235d19db25897 -SHA256 (pivot_1405_full.zip) = 010043940c69b153796fdadbbed847a5bcf4246419d1b2de9edf9dddd8887346 -SIZE (pivot_1405_full.zip) = 2223749 +MD5 (pivot_1406_full.zip) = 126d19b9f1e76c40c372609ef0d6f08d +SHA256 (pivot_1406_full.zip) = 57007d0f81e695cb19510a11a07e8a3436ff319e927119d703f11ad49f0990a1 +SIZE (pivot_1406_full.zip) = 2224093 --- pivot-weblog-1.40.6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080729061652.ADCEE40F3>