From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Jun 11 00:09:25 2009 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2D9071065693; Thu, 11 Jun 2009 00:09:25 +0000 (UTC) (envelope-from nick@foobar.org) Received: from mail.acquirer.com (mail.acquirer.com [87.198.142.193]) by mx1.freebsd.org (Postfix) with ESMTP id 9F75E8FC17; Thu, 11 Jun 2009 00:09:24 +0000 (UTC) (envelope-from nick@foobar.org) X-Envelope-To: freebsd-ports-bugs@FreeBSD.org Received: from crumpet.foobar.org (twinkie.foobar.org [87.192.56.84]) (authenticated bits=0) by mail.acquirer.com (8.14.3/8.14.3) with ESMTP id n5ANXf3n029757 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 00:33:52 +0100 (IST) (envelope-from nick@foobar.org) Message-ID: <4A3042D3.3020406@foobar.org> Date: Thu, 11 Jun 2009 00:33:39 +0100 From: Nick Hilliard User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090605 Shredder/3.0b3pre MIME-Version: 1.0 To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org References: <200906032210.n53MA20M013929@freefall.freebsd.org> In-Reply-To: <200906032210.n53MA20M013929@freefall.freebsd.org> Content-Type: multipart/mixed; boundary="------------000903080101000902050002" X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on muffin.acquirer.com Cc: Subject: Re: [security vulnerability update] ports/135235: port update: drupal6-views-2.4 -> drupal6-views-2.5 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2009 00:09:25 -0000 This is a multi-part message in MIME format. --------------000903080101000902050002 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 03/06/2009 23:10, FreeBSD-gnats-submit@FreeBSD.org wrote: > Thank you very much for your problem report. > It has the internal identification `ports/135235'. I've attached a diff from drupal6-2.4 to drupal6-2.6, which fixes the a XSS vulnerability and an authorization by-pass security vulnerability. more information on: http://drupal.org/node/488082 Nick --------------000903080101000902050002 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="drupal6-views.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="drupal6-views.diff" ZGlmZiAtYk51ciBkcnVwYWw2LXZpZXdzLm9sZC9NYWtlZmlsZSBkcnVwYWw2LXZpZXdzL01h a2VmaWxlCi0tLSBkcnVwYWw2LXZpZXdzLm9sZC9NYWtlZmlsZQkyMDA5LTA0LTExIDE5OjA1 OjM4LjAwMDAwMDAwMCArMDEwMAorKysgZHJ1cGFsNi12aWV3cy9NYWtlZmlsZQkyMDA5LTA2 LTExIDAwOjI3OjMyLjAwMDAwMDAwMCArMDEwMApAQCAtNiw5ICs2LDggQEAKICMKIAogUE9S VE5BTUU9CXZpZXdzCi1ESVNUVkVSU0lPTj0JNi54LTIuNAorRElTVFZFUlNJT049CTYueC0y LjYKIENBVEVHT1JJRVM9CXd3dwotTUFTVEVSX1NJVEVTPQlodHRwOi8vZnRwLmRydXBhbC5v cmcvZmlsZXMvcHJvamVjdHMvCiAKIE1BSU5UQUlORVI9CXJlYS1mYnNkQGNvZGVsYWJzLnJ1 CiBDT01NRU5UPQlDb250cm9scyBob3cgY29udGVudCBsaXN0cyBhcmUgZ2VuZXJhdGVkCkBA IC0xOTcsNiArMTk2LDcgQEAKIAkJbW9kdWxlcy9jb21tZW50L3ZpZXdzX2hhbmRsZXJfZmll bGRfY29tbWVudF9saW5rX2RlbGV0ZS5pbmMgXAogCQltb2R1bGVzL2NvbW1lbnQvdmlld3Nf aGFuZGxlcl9maWVsZF9jb21tZW50X2xpbmtfZWRpdC5pbmMgXAogCQltb2R1bGVzL2NvbW1l bnQvdmlld3NfaGFuZGxlcl9maWVsZF9jb21tZW50X2xpbmtfcmVwbHkuaW5jIFwKKwkJbW9k dWxlcy9jb21tZW50L3ZpZXdzX2hhbmRsZXJfZmllbGRfY29tbWVudF9ub2RlX2xpbmsuaW5j IFwKIAkJbW9kdWxlcy9jb21tZW50L3ZpZXdzX2hhbmRsZXJfZmllbGRfY29tbWVudF91c2Vy bmFtZS5pbmMgXAogCQltb2R1bGVzL2NvbW1lbnQvdmlld3NfaGFuZGxlcl9maWVsZF9uY3Nf bGFzdF9jb21tZW50X25hbWUuaW5jIFwKIAkJbW9kdWxlcy9jb21tZW50L3ZpZXdzX2hhbmRs ZXJfZmllbGRfbmNzX2xhc3RfdXBkYXRlZC5pbmMgXApkaWZmIC1iTnVyIGRydXBhbDYtdmll d3Mub2xkL2Rpc3RpbmZvIGRydXBhbDYtdmlld3MvZGlzdGluZm8KLS0tIGRydXBhbDYtdmll d3Mub2xkL2Rpc3RpbmZvCTIwMDktMDQtMTEgMTk6MDU6MzguMDAwMDAwMDAwICswMTAwCisr KyBkcnVwYWw2LXZpZXdzL2Rpc3RpbmZvCTIwMDktMDYtMTEgMDA6Mjc6NDMuMDAwMDAwMDAw ICswMTAwCkBAIC0xLDMgKzEsMyBAQAotTUQ1IChkcnVwYWwvdmlld3MtNi54LTIuNC50YXIu Z3opID0gN2RhNzViZWEyMjA0ZTQ1Y2MxYzMxMzc5ZWQ4YzEwYWMKLVNIQTI1NiAoZHJ1cGFs L3ZpZXdzLTYueC0yLjQudGFyLmd6KSA9IDFiZTMwOWVhY2IyMDM3NDJlNGQzZGIwZDBiZTY2 ZjZlMGNhMmFjMzk0ZmEyNGFmYTg4MTcyYWFhNDhhZDUzZDIKLVNJWkUgKGRydXBhbC92aWV3 cy02LngtMi40LnRhci5neikgPSAxNDE5NTcwCitNRDUgKGRydXBhbC92aWV3cy02LngtMi42 LnRhci5neikgPSBhMzk4MjdhNTQzMDM3M2FiODUwOGYyNzczYjBiYzZlYQorU0hBMjU2IChk cnVwYWwvdmlld3MtNi54LTIuNi50YXIuZ3opID0gMTNkMjk2YzQ4MzcwNGU5MmEzMGFjZWNk OWVmZTg2NzJlMGM4OTY0MWIzYzUzZWQxNzI3NTc5OGQyMGZiYTk3ZAorU0laRSAoZHJ1cGFs L3ZpZXdzLTYueC0yLjYudGFyLmd6KSA9IDE1MzQxOTgK --------------000903080101000902050002--