CVS commit: pkgsrc/www/contao35

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/contao35
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Mon, 23 Apr 2018 14:00:18 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Mon Apr 23 14:00:18 UTC 2018

Modified Files:
        pkgsrc/www/contao35: Makefile distinfo

Log Message:
www/contao35: update to 3.5.35

Version 3.5.35 (2018-04-18)
---------------------------

### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).

CVE-2018-10125

With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log.  The attacker themselves
does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/contao35/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/contao35/Makefile
diff -u pkgsrc/www/contao35/Makefile:1.38 pkgsrc/www/contao35/Makefile:1.39
--- pkgsrc/www/contao35/Makefile:1.38   Tue Mar  6 16:25:38 2018
+++ pkgsrc/www/contao35/Makefile        Mon Apr 23 14:00:17 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.38 2018/03/06 16:25:38 taca Exp $
+# $NetBSD: Makefile,v 1.39 2018/04/23 14:00:17 taca Exp $
 #
 
 DISTNAME=      contao-${CT_PKGVER}
@@ -20,7 +20,7 @@ DEPENDS+=     ${PHP_PKG_PREFIX}-soap>=5.4.0:
 DEPENDS+=      ${PHP_PKG_PREFIX}-curl>=5.4.0:../../www/php-curl
 DEPENDS+=      ${PHP_PKG_PREFIX}-zlib>=5.4.0:../../archivers/php-zlib
 
-CT_VERSION=    3.5.34
+CT_VERSION=    3.5.35
 USE_TOOLS=     bash:run pax
 NO_BUILD=      yes
 FILESDIR?=     ${.CURDIR}/files

Index: pkgsrc/www/contao35/distinfo
diff -u pkgsrc/www/contao35/distinfo:1.30 pkgsrc/www/contao35/distinfo:1.31
--- pkgsrc/www/contao35/distinfo:1.30   Tue Mar  6 16:25:38 2018
+++ pkgsrc/www/contao35/distinfo        Mon Apr 23 14:00:17 2018
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.30 2018/03/06 16:25:38 taca Exp $
+$NetBSD: distinfo,v 1.31 2018/04/23 14:00:17 taca Exp $
 
-SHA1 (contao-3.5.34.tar.gz) = 3f44d54b499b2e3539f2a41ca8cbfd01e1de1ef9
-RMD160 (contao-3.5.34.tar.gz) = f59840bdbf74f2eb1e6a1682375a85ea95371962
-SHA512 (contao-3.5.34.tar.gz) = c31f207157ae4db9d4a202584450989980afa20011a3779dff89004122e59d294ed11c664fc1a7b8701d6d22b5b1714a49f255220c525d5f4b40e4bad76c5b48
-Size (contao-3.5.34.tar.gz) = 11203406 bytes
+SHA1 (contao-3.5.35.tar.gz) = 398499e9e817e3f207a445135c654b7802e02a54
+RMD160 (contao-3.5.35.tar.gz) = 44ce17190a219f85740a490a8599e2edb5db9111
+SHA512 (contao-3.5.35.tar.gz) = 8131e0aaf2d54c51c624206ffd14fba8b3a46621eab93d19bc499cb041a6827f907e94a4d39fd13dfb63500e5c5e3187c267c63d8d993ca1308856b82e4297f8
+Size (contao-3.5.35.tar.gz) = 11203496 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index