From owner-cvs-all@FreeBSD.ORG  Mon Mar 23 15:06:20 2009
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 42BCC1065673;
	Mon, 23 Mar 2009 15:06:20 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 287058FC1E;
	Mon, 23 Mar 2009 15:06:20 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n2NF6K8R025468;
	Mon, 23 Mar 2009 15:06:20 GMT
	(envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n2NF6KsN025467;
	Mon, 23 Mar 2009 15:06:20 GMT (envelope-from miwi)
Message-Id: <200903231506.n2NF6KsN025467@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Mon, 23 Mar 2009 15:06:19 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/net-mgmt/zabbix Makefile pkg-plist
 ports/net-mgmt/zabbix/files patch-USH-162.1 patch-USH-162.2
 ports/net-mgmt/zabbix-agent Makefile
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2009 15:06:21 -0000

miwi        2009-03-23 15:06:19 UTC

  FreeBSD ports repository

  Modified files:
    net-mgmt/zabbix      Makefile pkg-plist 
    net-mgmt/zabbix-agent Makefile 
  Added files:
    net-mgmt/zabbix/files patch-USH-162.1 patch-USH-162.2 
  Log:
  - Fix zabbix -- php frontend multiple vulnerabilities
  
  Note:
  
          Input appended to and passed via the "extlang" parameter to the "calc_exp2()"
          function in include/validate.inc.php is not properly sanitised before being
          used. This can be exploited to inject and execute arbitrary PHP code.
  
          The application allows users to perform certain actions via HTTP requests
          without performing any validity checks to verify the requests. This can be
          exploited to e.g. create users by enticing a logged in administrator to
          visit a malicious web page.
  
          Input passed to the "srclang" parameter in locales.php (when "next" is set
          to a non-NULL value) is not properly verified before being used to include
          files. This can be exploited to include arbitrary files from local resources
          via directory traversal attacks and URL-encoded NULL bytes.
  
  - Bump PORTREVISION
  
  PR:             132944
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (many thanks!)
  Approved by:    maintainer timeout (security 1 day)
  Security:       http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html
  
  Revision  Changes    Path
  1.25      +1 -2      ports/net-mgmt/zabbix-agent/Makefile
  1.61      +2 -2      ports/net-mgmt/zabbix/Makefile
  1.1       +135 -0    ports/net-mgmt/zabbix/files/patch-USH-162.1 (new)
  1.1       +2622 -0   ports/net-mgmt/zabbix/files/patch-USH-162.2 (new)
  1.20      +2 -2      ports/net-mgmt/zabbix/pkg-plist