Bug 221826

Summary: www/kanboard: Update to 1.0.46
Product: Ports & Packages
Reporter: Bart Wrobel <bsd>
Component: Individual Port(s)
Assignee: Tobias Kortkamp <tobik>
Status: Closed FIXED
Severity: Affects Many People
CC: rahudev2, tobik
Priority: ---
Keywords: patch
Version: Latest
Flags: tobik: merge-quarterly+
Hardware: Any
OS: Any

Attachments:
Patch to update from 1.0.44 to 1.0.46 (flags: none)
Testport results (flags: none)

Description Bart Wrobel 2017-08-26 09:07:57 UTC
Created attachment 185777
Patch to update from 1.0.44 to 1.0.46

No breaking changes.

Changelog:

Version 1.0.46 (August 13, 2017)
--------------------------------

Security Issues:

* Fix two privilege escalation issues: a standard user could reset the password 
of another user (including admin) by altering form data.
(CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").

Improvements:

* Add "Create another link" checkbox for internal link as in sub-task creation
* Updated translations

Bug fixes:

* Fix parsing issue in phpToBytes() method

Version 1.0.45 (June 23, 2017)
------------------------------

New features:

* Automatic action to assign tasks to its creator
* Add the possibility to create a comment when a task is sent by email
* Add dropdown menu to autocomplete email field from project members
* Add configurable list of predefined subjects when sending a task or a comment by email
* Add command line argument to filter overdue notification for a given project

Improvements:

* Improve SQL migrations when old default swimlanes have the same name as a normal swimlane

Bug fixes:

* Add missing subtask permissions for project viewer role
* Fix Javascript language mapping

Comment 1 Bart Wrobel 2017-08-26 09:11:22 UTC
Created attachment 185778
Testport results

Comment 2 commit-hook freebsd_committer freebsd_triage 2017-08-26 12:59:59 UTC
A commit references this bug:

Author: tobik
Date: Sat Aug 26 12:59:28 UTC 2017
New revision: 448768
URL: https://svnweb.freebsd.org/changeset/ports/448768

Log:
  Document vulnerabilities of www/kanboard

  PR:		221826

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer freebsd_triage 2017-08-26 13:04:03 UTC
A commit references this bug:

Author: tobik
Date: Sat Aug 26 13:03:03 UTC 2017
New revision: 448769
URL: https://svnweb.freebsd.org/changeset/ports/448769

Log:
  www/kanboard: Update to 1.0.46

  Changes:	https://github.com/kanboard/kanboard/blob/master/ChangeLog
  PR:		221826
  Submitted by:	Bart Wrobel <bsd@if0.eu> (maintainer)
  MFH:		2017Q3
  Security:	CVE-2017-12850
  Security:	CVE-2017-12851

Changes:
  head/www/kanboard/Makefile
  head/www/kanboard/distinfo
  head/www/kanboard/pkg-plist

Comment 4 commit-hook freebsd_committer freebsd_triage 2017-08-27 05:19:57 UTC
A commit references this bug:

Author: tobik
Date: Sun Aug 27 05:19:04 UTC 2017
New revision: 448803
URL: https://svnweb.freebsd.org/changeset/ports/448803

Log:
  MFH: r448769

  www/kanboard: Update to 1.0.46

  Changes:	https://github.com/kanboard/kanboard/blob/master/ChangeLog
  PR:		221826
  Submitted by:	Bart Wrobel <bsd@if0.eu> (maintainer)
  Security:	CVE-2017-12850
  Security:	CVE-2017-12851

  Approved by:	ports-secteam (delphij)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/www/kanboard/Makefile
  branches/2017Q3/www/kanboard/distinfo
  branches/2017Q3/www/kanboard/pkg-plist