Bug 182781 - deskutils/egroupware remote access vulnerability
Summary: deskutils/egroupware remote access vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Danilo Egea Gondolfo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-07 05:40 UTC by Dewayne
Modified: 2013-10-08 03:17 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dewayne 2013-10-07 05:40:01 UTC
egroupware has a remote access security vulnerability.  Mitigated in version 1.8.05, identified at
http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/eGroupware-1.8.005.20131001/

Its difficult to ascertain what the actual problem is.  The egroupware team have rated 9 CVE vulnerabilities since 2007 as low.

It would be prudent to update the application.

Ref:
http://www.cvedetails.com/product/4141/Egroupware-Egroupware.html?vendor_id=2373

Fix: 

In Makefile
-PORTVERSION=   1.8.004.20130831
+PORTVERSION=   1.8.005.20131001
Comment 1 Danilo Egea Gondolfo freebsd_committer 2013-10-07 15:19:31 UTC
Responsible Changed
From-To: freebsd-ports-bugs->danilo

I'll take it.
Comment 2 dfilter service freebsd_committer 2013-10-07 16:03:48 UTC
Author: danilo
Date: Mon Oct  7 15:03:41 2013
New Revision: 329709
URL: http://svnweb.freebsd.org/changeset/ports/329709

Log:
  - Update from 1.8.004.20130831 to 1.8.005.20131001 [1]
  - Change maintainer email to @FreeBSD.org
  
  Changelog: http://svn.stylite.de/viewvc/egroupware/branches/1.8/egroupware/doc/rpm-build/debian.changes?view=markup
  
  PR:		ports/182781
  Submitted by:	Dewayne <dewayne.geraghty@heuristicsystems.com.au> [1]
  Approved by:	wg/culot (mentors, implicit)

Modified:
  head/deskutils/egroupware/Makefile
  head/deskutils/egroupware/distinfo

Modified: head/deskutils/egroupware/Makefile
==============================================================================
--- head/deskutils/egroupware/Makefile	Mon Oct  7 14:20:25 2013	(r329708)
+++ head/deskutils/egroupware/Makefile	Mon Oct  7 15:03:41 2013	(r329709)
@@ -2,13 +2,13 @@
 # $FreeBSD$
 
 PORTNAME=	eGroupware
-PORTVERSION=	1.8.004.20130831
+PORTVERSION=	1.8.005.20131001
 CATEGORIES=	deskutils
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}-1.8/${PORTNAME}-${PORTVERSION}
 DISTFILES=	${PORTNAME}-${PORTVERSION}.tar.bz2 \
 		${PORTNAME}-egw-pear-${PORTVERSION}.tar.bz2
 
-MAINTAINER=	danilogondolfo@gmail.com
+MAINTAINER=	danilo@FreeBSD.org
 COMMENT=	Web-based GroupWare system
 
 BUILD_DEPENDS=	${PEARDIR}/Auth/SASL.php:${PORTSDIR}/security/pear-Auth_SASL \

Modified: head/deskutils/egroupware/distinfo
==============================================================================
--- head/deskutils/egroupware/distinfo	Mon Oct  7 14:20:25 2013	(r329708)
+++ head/deskutils/egroupware/distinfo	Mon Oct  7 15:03:41 2013	(r329709)
@@ -1,4 +1,4 @@
-SHA256 (eGroupware-1.8.004.20130831.tar.bz2) = d1b4cbd32647cdfcc5ba74d8a532ae660b25954b8ef5bb75b7bf3d5599a59a0f
-SIZE (eGroupware-1.8.004.20130831.tar.bz2) = 10784621
-SHA256 (eGroupware-egw-pear-1.8.004.20130831.tar.bz2) = 0dc9988459190a5ee544d0432dbbfb8bca5b033f249ccb3c8a7721488ac444fd
-SIZE (eGroupware-egw-pear-1.8.004.20130831.tar.bz2) = 76045
+SHA256 (eGroupware-1.8.005.20131001.tar.bz2) = 62013a411e38fbe58516764aca000165eafab938d2d96ad229bb4143841c9eb0
+SIZE (eGroupware-1.8.005.20131001.tar.bz2) = 10779109
+SHA256 (eGroupware-egw-pear-1.8.005.20131001.tar.bz2) = af0aa19de9d20f5d380b9a6394899a35a56f8030aa64b23d593a2676e708b2b2
+SIZE (eGroupware-egw-pear-1.8.005.20131001.tar.bz2) = 76481
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Danilo Egea Gondolfo freebsd_committer 2013-10-07 16:03:59 UTC
State Changed
From-To: open->closed

Committed. Thanks!