Bug 221826 - www/kanboard: Update to 1.0.46
Summary: www/kanboard: Update to 1.0.46
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Tobias Kortkamp
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-08-26 09:07 UTC by Bart Wrobel
Modified: 2017-09-02 07:32 UTC (History)
2 users (show)

See Also:
tobik: merge-quarterly+


Attachments
Patch to update from 1.0.44 to 1.0.46 (47.23 KB, patch)
2017-08-26 09:07 UTC, Bart Wrobel
no flags Details | Diff
Testport results (155.05 KB, text/plain)
2017-08-26 09:11 UTC, Bart Wrobel
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bart Wrobel 2017-08-26 09:07:57 UTC
Created attachment 185777 [details]
Patch to update from 1.0.44 to 1.0.46

No breaking changes.

Changelog:

Version 1.0.46 (August 13, 2017)
--------------------------------

Security Issues:

* Fix two privilege escalation issues: a standard user could reset the password 
of another user (including admin) by altering form data.
(CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").

Improvements:

* Add "Create another link" checkbox for internal link as in sub-task creation
* Updated translations

Bug fixes:

* Fix parsing issue in phpToBytes() method

Version 1.0.45 (June 23, 2017)
------------------------------

New features:

* Automatic action to assign tasks to its creator
* Add the possibility to create a comment when a task is sent by email
* Add dropdown menu to autocomplete email field from project members
* Add configurable list of predefined subjects when sending a task or a a comment by email
* Add command line argument to filter overdue notification for a given project

Improvements:

* Improve SQL migrations when old default swimlanes have the same name as a normal swimlanes

Bug fixes:

* Add missing subtask permissions for project viewer role
* Fix Javascript language mapping
Comment 1 Bart Wrobel 2017-08-26 09:11:22 UTC
Created attachment 185778 [details]
Testport results
Comment 2 commit-hook freebsd_committer 2017-08-26 12:59:59 UTC
A commit references this bug:

Author: tobik
Date: Sat Aug 26 12:59:28 UTC 2017
New revision: 448768
URL: https://svnweb.freebsd.org/changeset/ports/448768

Log:
  Document vulnerabilities of www/kanboard

  PR:		221826

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2017-08-26 13:04:03 UTC
A commit references this bug:

Author: tobik
Date: Sat Aug 26 13:03:03 UTC 2017
New revision: 448769
URL: https://svnweb.freebsd.org/changeset/ports/448769

Log:
  www/kanboard: Update to 1.0.46

  Changes:	https://github.com/kanboard/kanboard/blob/master/ChangeLog
  PR:		221826
  Submitted by:	Bart Wrobel <bsd@if0.eu> (maintainer)
  MFH:		2017Q3
  Security:	CVE-2017-12850
  Security:	CVE-2017-12851

Changes:
  head/www/kanboard/Makefile
  head/www/kanboard/distinfo
  head/www/kanboard/pkg-plist
Comment 4 commit-hook freebsd_committer 2017-08-27 05:19:57 UTC
A commit references this bug:

Author: tobik
Date: Sun Aug 27 05:19:04 UTC 2017
New revision: 448803
URL: https://svnweb.freebsd.org/changeset/ports/448803

Log:
  MFH: r448769

  www/kanboard: Update to 1.0.46

  Changes:	https://github.com/kanboard/kanboard/blob/master/ChangeLog
  PR:		221826
  Submitted by:	Bart Wrobel <bsd@if0.eu> (maintainer)
  Security:	CVE-2017-12850
  Security:	CVE-2017-12851

  Approved by:	ports-secteam (delphij)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/www/kanboard/Makefile
  branches/2017Q3/www/kanboard/distinfo
  branches/2017Q3/www/kanboard/pkg-plist
Comment 5 rahu 2017-09-02 07:32:42 UTC
MARKED AS SPAM