From owner-cvs-all@FreeBSD.ORG  Tue Dec 20 20:52:26 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5E56E16A42F;
	Tue, 20 Dec 2005 20:52:26 +0000 (GMT)
	(envelope-from edwin@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0F21943D91;
	Tue, 20 Dec 2005 20:52:19 +0000 (GMT)
	(envelope-from edwin@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id jBKKqJCE034379;
	Tue, 20 Dec 2005 20:52:19 GMT
	(envelope-from edwin@repoman.freebsd.org)
Received: (from edwin@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id jBKKqJA1034378;
	Tue, 20 Dec 2005 20:52:19 GMT (envelope-from edwin)
Message-Id: <200512202052.jBKKqJA1034378@repoman.freebsd.org>
From: Edwin Groothuis <edwin@FreeBSD.org>
Date: Tue, 20 Dec 2005 20:52:18 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/www/mediawiki Makefile distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Dec 2005 20:52:26 -0000

edwin       2005-12-20 20:52:18 UTC

  FreeBSD ports repository

  Modified files:
    www/mediawiki        Makefile distinfo 
  Log:
  www/mediawiki update to 1.5.3 (security update)
  
          Fixes a security issue: Validation of the user language
          option was broken by a code change in May 2005, opening the
          possibility of remote code execution as this parameter is
          used in forming a class name dynamically created with eval().
          The validation has been corrected in this version.  All
          prior 1.5 release and prelease versions are affected; 1.4
          and earlier and not affected.
  
  PR:             ports/90335
  Submitted by:   Thomas Vogt <thomas@bsdunix.ch>
  Approved by:    maintainer timeout
  
  Revision  Changes    Path
  1.18      +1 -1      ports/www/mediawiki/Makefile
  1.15      +3 -2      ports/www/mediawiki/distinfo