The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code. http://www.vuxml.org/freebsd/f70d09cb-0c46-11db-aac7-000c6ec775d9.html Fix: Note that in vuxml entry the mambo security report is listed as 0 < mambo. I don't know if this is correct but I think this tag needs to be corrected to 4.5.4_1 else no version of Mambo can be installed. I did all the updating suff (diff and so on) installing it via "DISABLE_VULNERABILITIES=yes", just to test the right installation of it. Thanks in advance. Francisco Alves Cabrita
Class Changed From-To: update->maintainer-update Make this a ports PR and fix up the fields. Ports in the ports/www/ tree really do belong in the 'ports' GNATS category. Only problems with the FreeBSD website itself belong in 'www'.
Responsible Changed From-To: freebsd-www->freebsd-ports
Responsible Changed From-To: freebsd-ports->itetcu I'll take it.
State Changed From-To: open->feedback Why did you drop MAMBO_DIR user-customization support ?
State Changed From-To: feedback->closed Commited with fixes: when PORTVERSION increases PORTREVISION should be reseted.