cvs commit: ports/www/mediawiki Makefile distinfo
Edwin Groothuis
edwin at FreeBSD.org
Tue Dec 20 12:52:26 PST 2005
edwin 2005-12-20 20:52:18 UTC
FreeBSD ports repository
Modified files:
www/mediawiki Makefile distinfo
Log:
www/mediawiki update to 1.5.3 (security update)
Fixes a security issue: Validation of the user language
option was broken by a code change in May 2005, opening the
possibility of remote code execution as this parameter is
used in forming a class name dynamically created with eval().
The validation has been corrected in this version. All
prior 1.5 release and prelease versions are affected; 1.4
and earlier and not affected.
PR: ports/90335
Submitted by: Thomas Vogt <thomas at bsdunix.ch>
Approved by: maintainer timeout
Revision Changes Path
1.18 +1 -1 ports/www/mediawiki/Makefile
1.15 +3 -2 ports/www/mediawiki/distinfo
More information about the cvs-ports
mailing list