Date: Mon, 28 Nov 2005 18:00:59 +0100
From: Remko Lodder <remko@FreeBSD.org>
To: Sergey Matveychuk <sem@FreeBSD.org>
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/www/joomla Makefile distinfo pkg-plist
Message-ID: <438B37CB.9030500@FreeBSD.org>
In-Reply-To: <200511280730.jAS7UZ9x056851@repoman.freebsd.org>
References: <200511280730.jAS7UZ9x056851@repoman.freebsd.org>

Sergey Matveychuk wrote:
> sem 2005-11-28 07:30:34 UTC
>
> FreeBSD ports repository
>
> Modified files:
>   www/joomla Makefile distinfo pkg-plist
> Log:
> - Update to 1.0.4
>   It fixes 6 Security Vulnerabilities:
>
>   Critical Level Threats
>   Potential XSS injection through GET and other variables
>   - Affects all previous versions of Joomla! and Mambo 4.5.2.3
>   Hardened SEF against XSS injection
>   - Affects all previous versions of Joomla! and Mambo 4.5.2.3
>
>   Low Level Threats
>   Potential SQL injection in Polls modules through the Itemid variable
>   - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>   Potential SQL injection in several methods in mosDBTable class
>   - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>   Potential misuse of Media component file management functions
>   - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>   Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
>   - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>
> PR: ports/89596
> Submitted by: Francisco Alves Cabrita (maintainer)
>

Hi Sem,

Thanks for updating Joomla, but please use Security: tags in your commit
msg if it regards security updates. That way automated scripts can easily
spot what kind of update this was.

It would also have been great if there was a pointer to the issue like
an announcement or something :-)

Cheers,
Remko

--
Kind regards,

Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org
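
The kind of automated check the reply above refers to, as an added example that is not part of the original message or of any FreeBSD tooling. The keyword list, the function names and the sample logs are assumptions made for illustration; the first sample abridges the commit log quoted above.

```python
import re

# Trailer lines such as "PR:", "Submitted by:" and "Security:" close a commit log.
TRAILER = re.compile(r"^(PR|Submitted by|Security):[ \t]*(.*)$", re.I | re.M)
# Assumed keyword list for spotting security fixes described only in free text.
KEYWORDS = re.compile(r"\b(security|vulnerabilit\w*|XSS|SQL injection)\b", re.I)


def parse_trailers(log):
    """Return {lower-cased trailer name: [values]} for one commit log."""
    trailers = {}
    for name, value in TRAILER.findall(log):
        trailers.setdefault(name.lower(), []).append(value.strip())
    return trailers


def classify(log):
    """Return 'tagged' when a non-empty Security: trailer is present,
    'untagged-security' when only the free text reads like a security fix,
    and 'other' for everything else."""
    if any(parse_trailers(log).get("security", [])):
        return "tagged"
    if KEYWORDS.search(log):
        return "untagged-security"
    return "other"


# Constructed samples: the first abridges the log quoted above, the second adds
# the requested trailer with a placeholder reference, the third is unrelated.
UNTAGGED = """- Update to 1.0.4
  It fixes 6 Security Vulnerabilities:
  Potential SQL injection in Polls modules through the Itemid variable

PR:             ports/89596
Submitted by:   Francisco Alves Cabrita (maintainer)
"""
TAGGED = UNTAGGED + "Security:       <announcement URL placeholder>\n"
ROUTINE = "- Update to 2.1 (constructed sample)\n"

if __name__ == "__main__":
    for label, log in (("untagged", UNTAGGED), ("tagged", TAGGED), ("routine", ROUTINE)):
        print(label, "->", classify(log), parse_trailers(log))
```

The 'untagged-security' result is the case the reply asks committers to avoid: the fix is visible only to a keyword heuristic, which misses any log worded differently.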