Message-ID: <438B37CB.9030500@FreeBSD.org>
Date: Mon, 28 Nov 2005 18:00:59 +0100
From: Remko Lodder
To: Sergey Matveychuk
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/www/joomla Makefile distinfo pkg-plist
In-Reply-To: <200511280730.jAS7UZ9x056851@repoman.freebsd.org>

Sergey Matveychuk wrote:
> sem 2005-11-28 07:30:34 UTC
>
> FreeBSD ports repository
>
> Modified files:
> www/joomla Makefile distinfo pkg-plist
> Log:
> - Update to 1.0.4
> It fixes 6 Security Vulnerabilities:
>
> Critical Level Threats
> Potential XSS injection through GET and other variables
> - Affects all previous versions of Joomla! and Mambo 4.5.2.3
> Hardened SEF against XSS injection
> - Affects all previous versions of Joomla! and Mambo 4.5.2.3
>
> Low Level Threats
> Potential SQL injection in Polls modules through the Itemid variable
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
> Potential SQL injection in several methods in mosDBTable class
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
> Potential misuse of Media component file management functions
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
> Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>
> PR: ports/89596
> Submitted by: Francisco Alves Cabrita (maintainer)
>

Hi Sem,

Thanks for updating Joomla, but please use Security: tags in your
commit msg if it regards security updates. That way automated scripts
can easily spot what kind of update this was. It would also have been
great if there was a pointer to the issue like an announcement or
something :-)

Cheers,
Remko

--
Kind regards,

Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org
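Added example, not part of the message above and not FreeBSD's own tooling: a sketch of the kind of automated check the reply refers to, which reads the trailer fields of a commit log and separates commits carrying a Security: tag from ones that only mention security in free text. The keyword list, the category names and the sample logs (abridged or constructed, with a placeholder advisory URL) are assumptions.

```python
import re

# Trailer fields seen in the log above ("PR:", "Submitted by:") plus the
# "Security:" tag the reply asks for.
TRAILER = re.compile(r"^(PR|Submitted by|Security):\s*(.*)$", re.IGNORECASE)
# Assumed heuristic: free-text words that suggest a security fix.
KEYWORDS = re.compile(r"\b(security|vulnerabilit\w*|xss|sql injection)\b",
                      re.IGNORECASE)

def parse_log(log):
    """Split a commit log into free-text body lines and trailer fields."""
    body, trailers = [], {}
    for raw in log.splitlines():
        line = raw.strip()
        m = TRAILER.match(line)
        if m:
            trailers.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
        elif line:
            body.append(line)
    return body, trailers

def classify(log):
    """Return 'tagged', 'untagged-security' or 'other' for one commit log."""
    body, trailers = parse_log(log)
    if any(trailers.get("security", [])):   # an empty "Security:" does not count
        return "tagged"
    if any(KEYWORDS.search(line) for line in body):
        return "untagged-security"          # needs a human to add the tag
    return "other"

# Abridged from the commit log quoted above.
UNTAGGED = """- Update to 1.0.4
It fixes 6 Security Vulnerabilities:
Potential SQL injection in Polls modules through the Itemid variable

PR:             ports/89596
Submitted by:   Francisco Alves Cabrita (maintainer)
"""
# Constructed: the same log with the requested tag and a placeholder pointer.
TAGGED = UNTAGGED + "Security:       https://example.invalid/advisory\n"
# Constructed: a routine update with no security content.
PLAIN = "- Update to 2.1\n- Fix build on amd64\n"

if __name__ == "__main__":
    for name, log in (("untagged", UNTAGGED), ("tagged", TAGGED), ("plain", PLAIN)):
        print(name, "->", classify(log))
```

The keyword pass is only a fallback for finding commits that missed the tag; the tag itself is what lets a script decide without guessing from prose.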