pkgsrc-Changes archive


CVS commit: [pkgsrc-2013Q1] pkgsrc/devel/rt3



Module Name:    pkgsrc
Committed By:   tron
Date:           Thu May 30 08:29:36 UTC 2013

Modified Files:
        pkgsrc/devel/rt3 [pkgsrc-2013Q1]: Makefile Makefile.install PLIST
            distinfo

Log Message:
Pullup ticket #4142 - requested by spz
devel/rt3: security update

Revisions pulled up:
- devel/rt3/Makefile                                            1.52
- devel/rt3/Makefile.install                                    1.20
- devel/rt3/PLIST                                               1.23
- devel/rt3/distinfo                                            1.24

---
   Module Name: pkgsrc
   Committed By:        spz
   Date:                Sun May 26 16:55:53 UTC 2013

   Modified Files:
        pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo

   Log Message:
   security update for RT3, fixing:

       CVE-2013-3368
       CVE-2013-3369
       CVE-2013-3370
       CVE-2013-3371
       CVE-2013-3372
       CVE-2013-3373
       CVE-2013-3374

   It also includes a database upgrade, so please make sure to run `make
   upgrade-database`.

   Changes in detail are:
   3.8.15->3.8.16:
   ruz  stop RT from locking on "large" mails
   ruz  make sure data is recorded (tests)
   alexmv       Remove bogus argument to ->get(), which fails on HTTP::Message >= 5.05
   alexmv       Ensure that tickets are destroyed before global destruction, in more
   alexmv       Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
   sunnavy destroy more tickets and objects before global destruction for modern
   tsibley Remove the "signature" paragraph from the README's explanation of RT

   3.8.16->3.8.17:
   alexmv       Ensure that filenames in inline image attributes are HTML-escaped
   alexmv       Deny direct access to callbacks
   alexmv       Protect calls to $m->comp with user input in ColumnMap
   alexmv       Ensure that subjects cannot contain embedded newlines
   alexmv       Remove filename= suggestions from Content-Disposition lines
   alexmv       Ensure consistent escaping of filenames in attachment URIs
   alexmv       Ensure that URLs placed in HTML attributes are escaped correctly, to prevent XSS injection
   alexmv       Ensure that the default replacement does not pass through unescaped content
   alexmv       Use File::Temp for non-predictable temporary filenames


To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.51.4.1 pkgsrc/devel/rt3/Makefile
cvs rdiff -u -r1.19 -r1.19.6.1 pkgsrc/devel/rt3/Makefile.install
cvs rdiff -u -r1.22 -r1.22.4.1 pkgsrc/devel/rt3/PLIST
cvs rdiff -u -r1.23 -r1.23.4.1 pkgsrc/devel/rt3/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



