Date: Wed, 15 Feb 2006 20:34:49 GMT From: Thierry Thomas <thierry@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/93406: security/pear-Auth: upgrade to Auth-1.2.4 and fixes a security issue. Message-ID: <200602152034.k1FKYnYs067049@freefall.freebsd.org> Resent-Message-ID: <200602152040.k1FKe4eW067296@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 93406 >Category: ports >Synopsis: security/pear-Auth: upgrade to Auth-1.2.4 and fixes a security issue. >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Feb 15 20:40:03 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Thierry Thomas >Release: FreeBSD 6.0-STABLE i386 >Organization: Kabbale Eros >Environment: System: FreeBSD freefall.freebsd.org 6.0-STABLE FreeBSD 6.0-STABLE #0: Sat Dec 10 03:18:20 UTC 2005 kensmith@freefall.freebsd.org:/usr/obj/usr/src/sys/FREEFALL i386 >Description: According to the official announcement: This release fixes a security issue that allows an attacker to perform injection attacks against the underlying storage containers. Upgrading is strongly recommended! See changelog at <http://pear.php.net/package/Auth/download/1.2.4>. >How-To-Repeat: N/A. >Fix: Apply the following patch: --- pear-Auth.diff begins here --- diff -urN security/pear-Auth.orig/Makefile security/pear-Auth/Makefile --- security/pear-Auth.orig/Makefile Sat Dec 10 15:22:52 2005 +++ security/pear-Auth/Makefile Wed Feb 15 21:18:35 2006 @@ -6,8 +6,7 @@ # PORTNAME= Auth -PORTVERSION= 1.2.3 -PORTREVISION= 1 +PORTVERSION= 1.2.4 CATEGORIES= security pear MAINTAINER= antonio@php.net @@ -23,8 +22,6 @@ PEAR_MDB "PEAR::MDB support" off \ PEAR_AUTH_RADIUS "PEAR::Auth_RADIUS support" off \ PEAR_FILE_SMBPASSWD "PEAR::File_SMBPasswd support" off - -USE_REINPLACE= yes CATEGORY= Auth FILES= Auth.php Auth/Auth.php Container.php Container/DB.php \ diff -urN security/pear-Auth.orig/distinfo security/pear-Auth/distinfo --- security/pear-Auth.orig/distinfo Wed Jan 25 14:05:04 2006 +++ security/pear-Auth/distinfo Wed Feb 15 21:19:08 2006 @@ -1,3 +1,3 @@ -MD5 (PEAR/Auth-1.2.3.tgz) = 1506c2a27afe85e8d56eaa8466b6f13a -SHA256 (PEAR/Auth-1.2.3.tgz) = 6ff08d0eacba3de45e791f12761c2bf6be0490b14a7a563239f3d97c885119bd -SIZE (PEAR/Auth-1.2.3.tgz) = 24040 +MD5 (PEAR/Auth-1.2.4.tgz) = c1860f21a842aae14d3118bc97fc6417 +SHA256 (PEAR/Auth-1.2.4.tgz) = 016562c68cf88a534fade2d133ce89b3dfc510f2841afbe7c354324580aea440 +SIZE (PEAR/Auth-1.2.4.tgz) = 23387 --- pear-Auth.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602152034.k1FKYnYs067049>