ports/89596: PORT UPDATE: www/joomla 1.0.3 -> 1.0.4 (Security fixes)
Francisco Alves Cabrita
include at npf.deec.uc.pt
Sat Nov 26 18:10:46 UTC 2005
>Number: 89596
>Category: ports
>Synopsis: PORT UPDATE: www/joomla 1.0.3 -> 1.0.4 (Security fixes)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 26 18:10:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Francisco Alves Cabrita
>Release: FreeBSD 6.0-STABLE
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Nov 25 16:42:45 WET 2005 fac at fac.e10.pt:/usr/obj/usr/src/sys/MOBILE i386
>Description:
1.0.4 Contains fixes for 6 Security Vulnerabilities.
Critical Level Threats
Potential XSS injection through GET and other variables
- Affects all previous versions of Joomla! and Mambo 4.5.2.3
Hardened SEF against XSS injection
- Affects all previous versions of Joomla! and Mambo 4.5.2.3
Low Level Threats
Potential SQL injection in Polls modules through the Itemid variable
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential SQL injection in several methods in mosDBTable class
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential misuse of Media component file management functions
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>How-To-Repeat:
>Fix:
--- Makefile_3 Sat Nov 26 17:50:40 2005
+++ Makefile Fri Nov 25 20:56:50 2005
@@ -5,9 +5,9 @@
# $FreeBSD: ports/www/joomla/Makefile,v 1.1 2005/11/25 02:08:33 edwin Exp $
PORTNAME= joomla
-PORTVERSION= 1.0.3
+PORTVERSION= 1.0.4
CATEGORIES= www
-MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_3/frs1820?dl=1/:source1
+MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_4/frs2532?dl=1/:source1
DISTFILES= ${JOOMLA_SRC}:source1
MAINTAINER= include at npf.pt.freebsd.org
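Review bot: The new `+MASTER_SITES=` value still fetches over plain http from a single release-specific URL (`frs.joomla_1_0.1_0_4/frs2532`), so for this security update the distinfo checksums are the only thing vouching for the tarball. Please say in the PR how the download was verified, and add a second download site if upstream offers one so the fetch does not depend on this one path.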
@@ -25,7 +25,7 @@
JOOMLA_DIR?= www/${PORTNAME}
DIST_SUBDIR= ${PORTNAME}
-JOOMLA_SRC= Joomla_1.0.3-Stable-Full_Package.tar.gz
+JOOMLA_SRC= Joomla_1.0.4-Stable-Full_Package.tar.gz
do-extract:
@${MKDIR} ${WRKSRC}
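Review bot: JOOMLA_SRC repeats the version as a literal (`Joomla_1.0.4-Stable-Full_Package.tar.gz`), so each update has to change it in step with PORTVERSION. Deriving it, e.g. `JOOMLA_SRC= Joomla_${PORTVERSION}-Stable-Full_Package.tar.gz`, leaves one place to bump and removes the chance of the two values drifting apart.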
--- distinfo_3 Sat Nov 26 17:50:40 2005
+++ distinfo Fri Nov 25 20:56:50 2005
@@ -1,2 +1,3 @@
-MD5 (joomla/Joomla_1.0.3-Stable-Full_Package.tar.gz) = 077ec8232b43fa3e619e5fa087e06c38
-SIZE (joomla/Joomla_1.0.3-Stable-Full_Package.tar.gz) = 1814205
+MD5 (joomla/Joomla_1.0.4-Stable-Full_Package.tar.gz) = 5ba5e601b10c80c9d7709294c15e0350
+SHA256 (joomla/Joomla_1.0.4-Stable-Full_Package.tar.gz) = 0ada614f83f20b6d9cbfc30d7a659734162addd47f9b438a928922e2179ce465
+SIZE (joomla/Joomla_1.0.4-Stable-Full_Package.tar.gz) = 1785111
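Review bot: The added SHA256 line is welcome, since MD5 alone is a weak integrity check, but the PR does not say how these digests were obtained. Because the Makefile fetches the distfile over http, values generated locally from that download only show the file matches what the submitter received; please compare the MD5/SHA256 against a checksum published by upstream before this is committed.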
--- pkg-plist_3 Sat Nov 26 17:50:40 2005
+++ pkg-plist Fri Nov 25 20:56:50 2005
@@ -295,7 +295,6 @@
www/joomla/administrator/images/apply_f2.png
www/joomla/administrator/images/archive.png
www/joomla/administrator/images/archive_f2.png
-www/joomla/administrator/images/asterisk.png
www/joomla/administrator/images/back.png
www/joomla/administrator/images/back_f2.png
www/joomla/administrator/images/backup.png
@@ -342,9 +341,7 @@
www/joomla/administrator/images/index.html
www/joomla/administrator/images/install.png
www/joomla/administrator/images/langmanager.png
-www/joomla/administrator/images/logo.png
www/joomla/administrator/images/mail.png
-www/joomla/administrator/images/mambo.gif
www/joomla/administrator/images/massemail.png
www/joomla/administrator/images/mediamanager.png
www/joomla/administrator/images/menu.png
@@ -522,7 +519,6 @@
www/joomla/editor/editor.php
www/joomla/editor/index.html
www/joomla/globals.php
-www/joomla/globals.php-off
www/joomla/help/css/docbook.css
www/joomla/help/css/help.css
www/joomla/help/css/index.html
@@ -845,6 +841,7 @@
www/joomla/includes/js/jscalendar-1.0/menuarrow.gif
www/joomla/includes/js/jscalendar-1.0/menuarrow2.gif
www/joomla/includes/js/mambojavascript.js
+www/joomla/includes/js/overlib_hideform_mini.js
www/joomla/includes/js/overlib_mini.js
www/joomla/includes/js/tabs/index.html
www/joomla/includes/js/tabs/tab.png
@@ -1009,6 +1006,7 @@
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/langs/en.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/langs/index.html
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/license.txt
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/index.html
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/editor_plugin.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/editor_plugin_src.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/images/index.html
@@ -1017,7 +1015,6 @@
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/langs/en.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/langs/index.html
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/popup.htm
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/readme.txt
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/advhr/editor_plugin.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/advhr/editor_plugin_src.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/advhr/images/advhr.gif
@@ -1075,7 +1072,6 @@
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/emotions.htm
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/emotions.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/index.html
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/readme.txt
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/smiley-cool.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/smiley-cry.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/smiley-embarassed.gif
@@ -1177,7 +1173,6 @@
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/print/index.html
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/print/langs/en.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/print/langs/index.html
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/readme.txt
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/save/editor_plugin.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/save/editor_plugin_src.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/save/images/index.html
@@ -1227,15 +1222,18 @@
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/jscripts/table.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs/en.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs/index.html
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs/readme.txt
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/merge_cells.htm
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/row.htm
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/table.htm
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/editor_plugin.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/editor_plugin_src.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/index.html
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/es.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/he.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/index.html
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru_UTF-8.js
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru.js
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru_KOI8-R.js
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/about.htm
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/anchor.htm
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/charmap.htm
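Review bot: The three added zoom/langs entries are out of order (`ru_UTF-8.js`, then `ru.js`, then `ru_KOI8-R.js`) while the surrounding lines are alphabetical. Please sort them the same way as the rest of the list so later plist diffs stay minimal and easy to review.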
@@ -1299,6 +1297,10 @@
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_col_before.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_row_after.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_row_before.gif
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/bold_es.gif
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/opacity.png
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/italic_es.gif
+www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_es.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_fr.gif
www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_ru.gif
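Review bot: The four added themes/advanced/images entries are placed between `table_insert_row_before.gif` and `underline.gif`, where `bold_es.gif`, `opacity.png` and `italic_es.gif` do not belong alphabetically, which suggests they were inserted by hand. Regenerating pkg-plist from the extracted 1.0.4 tarball would fix the placement and confirm that no other added or removed file was missed.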
After diffing these 3 files I also ask to remove the dist file because it doesn't do anything.
Thanks in advance
Francisco Cabrita
>Release-Note:
>Audit-Trail:
>Unformatted: