Date: Thu, 15 Mar 2007 15:19:23 -0400 (EDT)
From: Antoine Beaupre <anarcat@koumbit.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/110350: [PATCH] (security?) upgrade of sql-ledger
Message-ID: <20070315191923.922AA1711D@lethe.koumbit.net>
Resent-Message-ID: <200703151940.l2FJe6nI097040@freefall.freebsd.org>
>Number: 110350 >Category: ports >Synopsis: [PATCH] (security?) upgrade of sql-ledger >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 15 19:40:06 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Antoine Beaupre >Release: FreeBSD 6.2-RELEASE-p2 i386 >Organization: Koumbit >Environment: System: FreeBSD lethe.koumbit.net 6.2-RELEASE-p2 FreeBSD 6.2-RELEASE-p2 #0: Fri Mar 9 14:54:27 EST 2007 anarcat@lethe.koumbit.net:/usr/obj/usr/src/sys/LETHE6 i386 SQL-Ledger < 2.2.26. >Description: The current version of SQL_Ledger in the ports system is vulnerable to a "authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x." 2.6.26 was released to correct this problem. http://www.securityfocus.com/archive/1/462375 >How-To-Repeat: N/A >Fix: --- Makefile.orig Mon Mar 12 13:04:58 2007 +++ Makefile Mon Mar 12 13:05:25 2007 @@ -6,7 +6,7 @@ # PORTNAME= sql-ledger -PORTVERSION= 2.6.25 +PORTVERSION= 2.6.26 CATEGORIES= finance perl5 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \ http://www.sql-ledger.com/source/ --- distinfo.orig Mon Mar 12 13:05:03 2007 +++ distinfo Mon Mar 12 13:06:28 2007 @@ -1,3 +1,3 @@ -MD5 (sql-ledger-2.6.25.tar.gz) = 76ae71da3a8d5863aabb8bc8bd72bccb -SHA256 (sql-ledger-2.6.25.tar.gz) = 0fa9bf0bf6b40c9e31075c3790124879cdd507d616d2748e59c21e2b4d96057a -SIZE (sql-ledger-2.6.25.tar.gz) = 3048626 +MD5 (sql-ledger-2.6.26.tar.gz) = c47b5cfc4a743f8234f0719a3e41eaf9 +SHA256 (sql-ledger-2.6.26.tar.gz) = c4bfb12c2793341e408f8c417fa0c4c52b7ad9da59944a196cfae5ccfef7c005 +SIZE (sql-ledger-2.6.26.tar.gz) = 3048615 --- pkg-plist.orig Mon Mar 12 13:05:10 2007 +++ pkg-plist Mon Mar 12 13:12:56 2007 
@@ -109,7 +109,7 @@ sql-ledger/doc/UPGRADE-2.4.16-2.6.0 sql-ledger/doc/UPGRADE-2.4.2-2.4.3 sql-ledger/doc/UPGRADE-2.4.3-2.4.16 -sql-ledger/doc/UPGRADE-2.6.0-2.6.25 +sql-ledger/doc/UPGRADE-2.6.0-2.6.26 sql-ledger/doc/faq.html sql-ledger/favicon.ico sql-ledger/gl.pl >Release-Note: >Audit-Trail: >Unformatted:
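Review bot: in the Makefile hunk, the only change is `PORTVERSION= 2.6.25` to `PORTVERSION= 2.6.26`, so nothing in the submitted patch records that this update closes the authentication bypass cited in the Description. Suggest pairing the bump with a security/vuxml entry for the affected sql-ledger versions, and citing the securityfocus URL in the commit message, so that hosts still running 2.6.25 are flagged rather than relying on administrators noticing a routine version bump.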
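Review bot: in the distinfo hunk, the new MD5 and SHA256 values for sql-ledger-2.6.26.tar.gz come with no statement of where the tarball was fetched from, and the SIZE differs from 2.6.25 by only 11 bytes (3048626 to 3048615). Because the Makefile lists two MASTER_SITES, the committer should fetch the distfile fresh, regenerate the file with `make makesum`, and confirm that both sites serve a tarball matching these values before committing a security update on the strength of them.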
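Review bot: in the pkg-plist hunk at line 109, only `sql-ledger/doc/UPGRADE-2.6.0-2.6.25` is renamed to `sql-ledger/doc/UPGRADE-2.6.0-2.6.26`, which assumes the 2.6.26 tarball adds and removes no other files. Suggest installing into a clean prefix and comparing the installed files against pkg-plist, then deinstalling, to confirm there are no orphaned files or missing plist entries before this goes in.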