pkgsrc-Changes archive


CVS commit: [pkgsrc-2008Q3] pkgsrc/mail/sympa



Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Dec 29 11:33:05 UTC 2008

Modified Files:
        pkgsrc/mail/sympa [pkgsrc-2008Q3]: Makefile PLIST distinfo

Log Message:
Pullup ticket #2617 - requested by bouyer
sympa: security update

Revisions pulled up:
- mail/sympa/Makefile                   1.38 (via patch)
- mail/sympa/PLIST                      1.7 (via patch)
- mail/sympa/distinfo                   1.11 (via patch)
---
Module Name:    pkgsrc
Committed By:   bouyer
Date:           Sat Dec 20 19:02:12 UTC 2008

Modified Files:
        pkgsrc/mail/sympa: Makefile PLIST distinfo

Log Message:
Update sympa to 5.4.4. Bug fixes (including SQL injection and privilege
escalation vulnerabilities) and updated translations:
    * Sympa was not fully compliant with RFC 2616, leading for example
      to possible unwanted list deletion by administrators using prefetching
      tools. This was fixed by replacing all the threatening GET requests
      by POST requests;
    * Use of sprint() function for creating SQL queries led to possible
      SQL injection through cookie manipulation;
    * The use of files in /tmp led to vulnerabilities.


To generate a diff of this commit:
cvs rdiff -r1.32.8.1 -r1.32.8.2 pkgsrc/mail/sympa/Makefile
cvs rdiff -r1.5 -r1.5.8.1 pkgsrc/mail/sympa/PLIST
cvs rdiff -r1.9 -r1.9.8.1 pkgsrc/mail/sympa/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


