Bug 227642 - [PATCH] mail/sympa: security update to 2.6.32
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-04-19 17:26 UTC by geoffroy desvernay
Modified: 2018-05-23 07:53 UTC

See Also:
dgeo: maintainer-feedback+
dgeo: merge-quarterly?


Attachments
svn diff mail/sympa # to 2.6.32 (918 bytes, patch)
2018-04-19 17:26 UTC, geoffroy desvernay
dgeo: maintainer-approval+

Description geoffroy desvernay 2018-04-19 17:26:19 UTC
Created attachment 192659
svn diff mail/sympa # to 2.6.32

Security breach, see https://sympa-community.github.io/security/2018-001.html
… and some bugfixes https://github.com/sympa-community/sympa/blob/6.2.32/NEWS.md
Comment 1 geoffroy desvernay 2018-04-19 17:28:27 UTC
Should be applied to quarterly too, I'll try to check/prepare that soon
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-22 19:31:17 UTC
A commit references this bug:

Author: krion
Date: Tue May 22 19:30:51 UTC 2018
New revision: 470654
URL: https://svnweb.freebsd.org/changeset/ports/470654

Log:
  Security update to 6.2.32

  Description:
  A vulnerability has been discovered in the Sympa web interface that
  allows write access to files on the server filesystem.

  This flaw allows creating or modifying any file writable by the Sympa
  user, located on the server filesystem, using the template file saving
  function of the Sympa web interface.

  PR:		227642
  Submitted by:	maintainer

Changes:
  head/mail/sympa/Makefile
  head/mail/sympa/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-05-23 07:52:39 UTC
A commit references this bug:

Author: krion
Date: Wed May 23 07:52:05 UTC 2018
New revision: 470685
URL: https://svnweb.freebsd.org/changeset/ports/470685

Log:
  MFH: r470654

  Security update to 6.2.32

  Description:
  A vulnerability has been discovered in the Sympa web interface that
  allows write access to files on the server filesystem.

  This flaw allows creating or modifying any file writable by the Sympa
  user, located on the server filesystem, using the template file saving
  function of the Sympa web interface.

  PR:		227642
  Submitted by:	maintainer

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q2/
  branches/2018Q2/mail/sympa/Makefile
  branches/2018Q2/mail/sympa/distinfo