From owner-cvs-ports@FreeBSD.ORG Wed Feb 11 10:33:35 2009 Return-Path: Delivered-To: cvs-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2FDAD10657D4; Wed, 11 Feb 2009 10:33:35 +0000 (UTC) (envelope-from miwi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 1F2538FC1B; Wed, 11 Feb 2009 10:33:35 +0000 (UTC) (envelope-from miwi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n1BAXZt9097588; Wed, 11 Feb 2009 10:33:35 GMT (envelope-from miwi@repoman.freebsd.org) Received: (from miwi@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n1BAXYPG097587; Wed, 11 Feb 2009 10:33:34 GMT (envelope-from miwi) Message-Id: <200902111033.n1BAXYPG097587@repoman.freebsd.org> From: Martin Wilke Date: Wed, 11 Feb 2009 10:33:34 +0000 (UTC) To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: ports/www/typo3 Makefile distinfo X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2009 10:33:36 -0000 miwi 2009-02-11 10:33:34 UTC FreeBSD ports repository Modified files: www/typo3 Makefile distinfo Log: - Update to 4.2.6 Security update: An Information Disclosure vulnerability in jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host. The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users allowing them to bypass access control by providing the correct value. There's no authentication required to exploit this vulnerability. The vulnerability allows to read any file, the web server user account has access to. With hat: secteam Security: http://www.vuxml.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html Revision Changes Path 1.25 +1 -2 ports/www/typo3/Makefile 1.17 +6 -6 ports/www/typo3/distinfo