Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Sep 2006 10:47:23 GMT
From:      Francisco Alves Cabrita <include@npf.deec.uc.pt>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/102746: [UPDATE]: www/joomla 1.0.10 to 1.0.11 (security update)
Message-ID:  <200609011047.k81AlNpN019876@www.freebsd.org>
Resent-Message-ID: <200609011050.k81AoE79001405@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         102746
>Category:       ports
>Synopsis:       [UPDATE]: www/joomla 1.0.10 to 1.0.11 (security update)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 01 10:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Francisco Alves Cabrita
>Release:        FreeBSD 6.1-RELEASE-p3
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Wed Aug  9 14:04:16 WEST 2006     root@fac.e10.pt:/usr/obj/usr/src/sys/SIXONE  i386

>Description:
Security Update of www/joomla from 1.0.10 to 1.0.11

04 HIGH Level Threats fixed
A1 Unvalidated Input
A6 Injection Flaws

04 MEDIUM Level Threats fixed
A1 Unvalidated Input
A2 Broken Access Control  

18 LOW Level Threats fixed
A1 Unvalidated Input
A2 Broken Access Control
A4 Cross Site Scripting
A6 Injection Flaws

Best Regards
Francisco
>How-To-Repeat:

>Fix:
diff -ruN joomla.orig/Makefile joomla/Makefile
--- joomla.orig/Makefile	Fri Sep  1 11:41:12 2006
+++ joomla/Makefile	Fri Sep  1 11:41:35 2006
@@ -5,15 +5,15 @@
 # $FreeBSD: ports/www/joomla/Makefile,v 1.9 2006/08/30 12:37:21 remko Exp $
 
 PORTNAME=	joomla
-PORTVERSION=	1.0.10
+PORTVERSION=	1.0.11
 CATEGORIES=	www
-MASTER_SITES=	http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_10/frs5789?dl=1/:source1
+MASTER_SITES=	http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_11/frs6656?dl=1/:source1
 DISTFILES=	${JOOMLA_SRC}:source1
 
 MAINTAINER=	include@npf.pt.freebsd.org
 COMMENT=	A dynamic web content management system (CMS)
 
-FORBIDDEN=	remote code execution: http://vuxml.FreeBSD.org/0ab423e7-3822-11db-81e1-000e0c2e438a.html
+#FORBIDDEN=	remote code execution: http://vuxml.FreeBSD.org/0ab423e7-3822-11db-81e1-000e0c2e438a.html
 
 NO_BUILD=	yes
 USE_MYSQL=	yes
diff -ruN joomla.orig/distinfo joomla/distinfo
--- joomla.orig/distinfo	Fri Sep  1 10:42:11 2006
+++ joomla/distinfo	Fri Sep  1 11:36:20 2006
@@ -1,3 +1,3 @@
-MD5 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 4c608dc14fe8952bd35803e5cc8f56cc
-SHA256 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 99c265c9bc7d163e3f6bdcb92d3f48dcc51c6b5bb84aedd4d350c5cdbc37e9e2
-SIZE (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 1707685
+MD5 (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = b5f7a7c74b2951ed999c494881522be2
+SHA256 (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = bdcded24dc5a4605c083f2011ec67d047c1a06b2719f44562995671550b46d5a
+SIZE (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = 1719645
diff -ruN joomla.orig/pkg-plist joomla/pkg-plist
--- joomla.orig/pkg-plist	Fri Sep  1 10:42:11 2006
+++ joomla/pkg-plist	Fri Sep  1 11:39:52 2006
@@ -432,6 +432,7 @@
 www/joomla/administrator/images/upload_f2.png
 www/joomla/administrator/images/user.png
 www/joomla/administrator/images/users.png
+www/joomla/administrator/images/version_check.png
 www/joomla/administrator/images/week.png
 www/joomla/administrator/images/week_f2.png
 www/joomla/administrator/images/xml.png
@@ -470,6 +471,7 @@
 www/joomla/administrator/modules/mod_popular.php
 www/joomla/administrator/modules/mod_popular.xml
 www/joomla/administrator/modules/mod_quickicon.php
+www/joomla/administrator/modules/mod_quickicon.xml
 www/joomla/administrator/modules/mod_stats.php
 www/joomla/administrator/modules/mod_stats.xml
 www/joomla/administrator/modules/mod_toolbar.php
@@ -808,6 +810,8 @@
 www/joomla/includes/js/ThemeOffice/home.png
 www/joomla/includes/js/ThemeOffice/index.html
 www/joomla/includes/js/ThemeOffice/install.png
+www/joomla/includes/js/ThemeOffice/joomla_16x16.png
+www/joomla/includes/js/ThemeOffice/Joomla_16x16.png
 www/joomla/includes/js/ThemeOffice/language.png
 www/joomla/includes/js/ThemeOffice/license.png
 www/joomla/includes/js/ThemeOffice/mail.png

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609011047.k81AlNpN019876>