Created attachment 192659 [details] svn diff mail/sympa # to 2.6.32 Security breach, see https://sympa-community.github.io/security/2018-001.html … and some bugfixes https://github.com/sympa-community/sympa/blob/6.2.32/NEWS.md
Should be applied to quarterly too, I'll try to check/prepare that soon
A commit references this bug: Author: krion Date: Tue May 22 19:30:51 UTC 2018 New revision: 470654 URL: https://svnweb.freebsd.org/changeset/ports/470654 Log: Security update to 6.2.32 Description: A vulnerability has been discovered in Sympa web interface that allows write access to files on the server filesystem. This flaw allows to create or modify any file writable by the Sympa user, located on the server filesystem, using the function of Sympa web interface template file saving. PR: 227642 Submitted by: maintainer Changes: head/mail/sympa/Makefile head/mail/sympa/distinfo
A commit references this bug: Author: krion Date: Wed May 23 07:52:05 UTC 2018 New revision: 470685 URL: https://svnweb.freebsd.org/changeset/ports/470685 Log: MFH: r470654 Security update to 6.2.32 Description: A vulnerability has been discovered in Sympa web interface that allows write access to files on the server filesystem. This flaw allows to create or modify any file writable by the Sympa user, located on the server filesystem, using the function of Sympa web interface template file saving. PR: 227642 Submitted by: maintainer Approved by: ports-secteam Changes: _U branches/2018Q2/ branches/2018Q2/mail/sympa/Makefile branches/2018Q2/mail/sympa/distinfo