Under various (and differing) circumstances, multiple vulnerabilities exist that allow an attacker to steal cookie information and initiate XSS and SQL injection attacks.
Fix: Security Patch for All Mambo 4.5.x Versions
-- Makefile_SAFE Tue Jun 7 11:22:57 2005 +++ Makefile Tue Jun 7 11:25:17 2005 @@ -5,13 +5,15 @@ # $FreeBSD: ports/www/mambo/Makefile,v 1.2 2005/05/29 09:07:41 thierry Exp $ PORTNAME= mambo -PORTVERSION= 4.5.2.1 +PORTVERSION= 4.5.2.2 PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://mamboforge.net/frs/download.php/4004/:source1 \ - http://mamboforge.net/frs/download.php/4043/:source2 + http://mamboforge.net/frs/download.php/4043/:source2 \ + http://mamboforge.net/frs/download.php/5886/:source3 DISTFILES= ${MAMBO_SRC}:source1 \ - ${MAMBO_PATCH}:source2 + ${MAMBO_PATCH1}:source2 \ + ${MAMBO_PATCH2}:source3 MAINTAINER= include@npf.pt.freebsd.org COMMENT= A dynamic web content management system (CMS) @@ -31,12 +33,14 @@ DIST_SUBDIR= ${PORTNAME} MAMBO_SRC= MamboV4.5.2-Stable.tar.gz -MAMBO_PATCH= Patch_4.5.2_to_4.5.2.1.zip +MAMBO_PATCH1= Patch_4.5.2_to_4.5.2.1.zip +MAMBO_PATCH2= Patch_4.5.2_to_4.5.2.2.zip do-extract: @${MKDIR} ${WRKSRC} @${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC} - @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH} -d ${WRKSRC} + @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC} + @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC} @${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty do-install:
PS: I already received an e-mail from pointyhat (Kris Kennaway) alerting me to insert more redundant mirrors, sorry but for now I only have time to submit this important update.
Thanks in advance
Francisco aka include
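Review bot: PORTREVISION= 1 is left in the unchanged context directly below the PORTVERSION bump to 4.5.2.2 in the first Makefile hunk; ports convention is to reset PORTREVISION when PORTVERSION increases, so that line should be dropped. The new :source3 entry in MASTER_SITES also has only the single mamboforge.net download URL, so the security fix cannot be fetched if that link moves; a second mirror for Patch_4.5.2_to_4.5.2.2.zip would address this.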
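Review bot: In do-extract in the second Makefile hunk, both zips are unpacked over ${WRKSRC} with -qo, so the result depends on MAMBO_PATCH2 being applied after MAMBO_PATCH1 and silently overwriting its files. The name Patch_4.5.2_to_4.5.2.2.zip suggests it is cumulative from 4.5.2; if that is the case, MAMBO_PATCH1 and :source2 could be dropped, and if it is not, a comment stating that the order matters would keep a later edit from reversing the two lines.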
Sorry, missed the diff for distinfo.
--- distinfo_SAFE Tue Jun 7 11:57:38 2005 +++ distinfo Tue Jun 7 11:28:05 2005 @@ -2,3 +2,5 @@ SIZE (mambo/MamboV4.5.2-Stable.tar.gz) = 1561319 MD5 (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 0dc49db1cf7a5c0ff11d69f05cfae69f SIZE (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 32429 +MD5 (mambo/Patch_4.5.2_to_4.5.2.2.zip) = ce66ecab53e6af3215d664a6b24b7ab0 +SIZE (mambo/Patch_4.5.2_to_4.5.2.2.zip) = 88100
Now it's all :)
Francisco aka include
--
Nucleo Portugues de FreeBSD - Core Member
http://npf.pt.freebsd.org
http://npf.pt.freebsd.org/~include/
On Tue, 7 Jun 2005 FreeBSD-gnats-submit@FreeBSD.org wrote:
> Thank you very much for your problem report.
> It has the internal identification `ports/81984'.
> The individual assigned to look at your
> report is: freebsd-ports-bugs.
>
> You can access the state of your problem report at any time
> via this link:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=81984
>
>> Category: ports
>> Responsible: freebsd-ports-bugs
>> Synopsis: [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions
>> Arrival-Date: Tue Jun 07 10:40:28 GMT 2005
>
Sorry, missed the diff for the distinfo file.
--- distinfo_SAFE Tue Jun 7 11:57:38 2005 +++ distinfo Tue Jun 7 11:28:05 2005 @@ -2,3 +2,5 @@ SIZE (mambo/MamboV4.5.2-Stable.tar.gz) = 1561319 MD5 (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 0dc49db1cf7a5c0ff11d69f05cfae69f SIZE (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 32429 +MD5 (mambo/Patch_4.5.2_to_4.5.2.2.zip) = ce66ecab53e6af3215d664a6b24b7ab0 +SIZE (mambo/Patch_4.5.2_to_4.5.2.2.zip) = 88100
Now it's all :)
Francisco Cabrita aka include
--
Nucleo Portugues de FreeBSD - Core Member
http://npf.pt.freebsd.org
http://npf.pt.freebsd.org/~include/
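Review bot: The two added distinfo lines record only an MD5 digest and a SIZE for Patch_4.5.2_to_4.5.2.2.zip, matching the existing entries. MD5 is not collision resistant, so for a distfile that delivers a security fix it is worth confirming the digest against one published by the Mambo project and adding a stronger hash line (SHA256) where the ports framework accepts one.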
State Changed
From-To: open->closed
Committed, thanks!