From owner-freebsd-questions@FreeBSD.ORG  Mon Sep  8 14:58:34 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 45D351065688;
	Mon,  8 Sep 2008 14:58:34 +0000 (UTC)
	(envelope-from freebsd-security-local@be-well.ilk.org)
Received: from be-well.ilk.org (dsl092-078-145.bos1.dsl.speakeasy.net
	[66.92.78.145])
	by mx1.freebsd.org (Postfix) with ESMTP id 113A58FC26;
	Mon,  8 Sep 2008 14:58:33 +0000 (UTC)
	(envelope-from freebsd-security-local@be-well.ilk.org)
Received: by be-well.ilk.org (Postfix, from userid 1147)
	id A674028431; Mon,  8 Sep 2008 10:42:23 -0400 (EDT)
To: "tethys ocean" <tethys.ocean@gmail.com>
References: <235b80000809080713v70b4a5cfs4927beb1c0772d9a@mail.gmail.com>
From: Lowell Gilbert <freebsd-security-local@be-well.ilk.org>
Date: Mon, 08 Sep 2008 10:42:23 -0400
In-Reply-To: <235b80000809080713v70b4a5cfs4927beb1c0772d9a@mail.gmail.com>
	(tethys ocean's message of "Mon\, 8 Sep 2008 17\:13\:06 +0300")
Message-ID: <44hc8qr968.fsf@be-well.ilk.org>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-security@freebsd.org, FreeBSD Questions <questions@freebsd.org>
Subject: Re: joomla15-1.5.3 has known vulnerabilities:
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Sep 2008 14:58:34 -0000

"tethys ocean" <tethys.ocean@gmail.com> writes:

> Hi all
>
> one of the co-locatin customer want to use joomla(lestest version 15) i want
> to install from port but i ve taken this error
>
>
> [root@wmn /usr/ports/www/joomla15]# make install clean
> ===>  joomla15-1.5.3 has known vulnerabilities:
> => joomla -- flaw in the reset token validation.
>    Reference: <
> http://www.FreeBSD.org/ports/portaudit/8514b6e7-6f0f-11dd-b3db-001c2514716c.html
>>
> => Please update your ports tree and try again.
> *** Error code 1
>
> Stop in /usr/ports/www/joomla15.
> [root@wmn /usr/ports/www/joomla15]#
>
> port is updated
>
> firstly it would install i patch it but not install

If you have patched to fix the vulnerability, then you can just
disable portaudit.