Bug 203255 - www/plone: security/vuxml: multiple security advisories
Summary: www/plone: security/vuxml: multiple security advisories
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ruslan Makhmatkhanov
Keywords: security
Depends on:
Reported: 2015-09-22 00:41 UTC by Jason Unovitch
Modified: 2016-01-10 23:14 UTC (History)
3 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Jason Unovitch freebsd_committer 2015-09-22 00:41:20 UTC
Maintainer of www/plone,

Multiple security advisories have been posted for issues in Plone.


I haven't looked into these further but it looks like these issues will need VuXML and an update to the port.
Comment 1 commit-hook freebsd_committer 2015-10-05 03:09:37 UTC
A commit references this bug:

Author: junovitch
Date: Mon Oct  5 03:09:25 UTC 2015
New revision: 398628
URL: https://svnweb.freebsd.org/changeset/ports/398628

  Document 20150910 Plone advisories

  PR:		203255
  Security:	6b3374d4-6b0b-11e5-9909-002590263bf5

Comment 2 Jason Unovitch freebsd_committer 2015-10-05 03:15:54 UTC
The first two are for the current version of Plone.  The second two are for Plone 3 or 4.2.x.

There are immediate action steps for the end user in the advisory for the self-registration feature and the end user can patch their local instance or disable the vulnerable feature.  However as the XSS feature did not have a hotfix patch I felt it would be prudent to just document 4.3.7 as fixed.
Comment 3 Ruslan Makhmatkhanov freebsd_committer 2016-01-10 23:14:01 UTC
Plone was just updated to 4.3.7. Thank you for the vuxml entry, Jason.