Update databases/mantis to version 1.2.7: Version 1.2.7 addresses a XSS vulnerability in search.php. Details can be found at: http://www.mantisbt.org/blog/?p=142 http://www.mantisbt.org/bugs/view.php?id=13245 Complete change log: http://www.mantisbt.org/bugs/changelog_page.php?version_id=138 Fix: Patch included. Tinderbox logs can be found here: - https://builder.glenbarber.us/tb/logs/7-32-FreeBSD/mantis-1.2.7.log - https://builder.glenbarber.us/tb/logs/8-32-FreeBSD/mantis-1.2.7.log - https://builder.glenbarber.us/tb/logs/9-32-FreeBSD/mantis-1.2.7.log Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->crees I'll take it.
Responsible Changed From-To: crees->eadler crees allowed me to take this
Maintainer of databases/mantis, Please note that PR ports/160368 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/160368 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Approved by maintainer (who has no time to test this and assumes = tinderbox will prove things). --=20 Dan Langille - http://langille.org
State Changed From-To: feedback->open Approved by maintainer.
eadler 2011-09-05 15:55:38 UTC FreeBSD ports repository Modified files: databases/mantis Makefile distinfo pkg-plist security/vuxml vuln.xml Log: - Update to 1.2.7 PR: ports/160368 Submitted by: gjb Approved by: dvl (maintainer), bapt (mentor) Security: CVE-2011-2938 Revision Changes Path 1.30 +1 -1 ports/databases/mantis/Makefile 1.23 +2 -2 ports/databases/mantis/distinfo 1.20 +19 -0 ports/databases/mantis/pkg-plist 1.2436 +25 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed You got what you wanted.