Date: Mon, 2 Apr 2007 01:07:21 GMT From: Yasushi Hayashi<yasi@yasi.to> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/111119: [update] www/zope change to FORBIDDEN Message-ID: <200704020107.l3217Kxv090966@www.freebsd.org> Resent-Message-ID: <200704020120.l321K9wA005920@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 111119 >Category: ports >Synopsis: [update] www/zope change to FORBIDDEN >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Apr 02 01:20:08 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Yasushi Hayashi >Release: FreeBSD 6.2-STABLE i386 >Organization: >Environment: FreeBSD www.yasi.to 6.2-STABLE FreeBSD 6.2-STABLE #5: Fri Mar 30 14:25:55 JST 2007 yasi@www.yasi.to:/usr/obj/usr/src/sys/GENERIC i386 >Description: Zope.org announced cross-site scripting vulnerability in Zope 2.7.x. But there is no Hotfix supported offcially. See: http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/README.txt The time has come that Zope 2.7.x should be FORBIDDEN. Next, I MUST change Mk/bsd.python.mk to remove Zope 2.7.x. But I don't have certain idea for it. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -urN /usr/ports/www/zope.old/Makefile /usr/ports/www/zope/Makefile --- /usr/ports/www/zope.old/Makefile Mon Apr 2 09:15:40 2007 +++ /usr/ports/www/zope/Makefile Mon Apr 2 09:21:00 2007 @@ -17,6 +17,8 @@ MAINTAINER= estartu@augusta.de COMMENT= An object-based web application platform +FORBIDDEN= There is NO official supported HotFix for cross-site-scripting vulnerability. + WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final USE_PYTHON= 2.3 USE_RC_SUBR= yes >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200704020107.l3217Kxv090966>