ports/111119: [update] www/zope change to FORBIDDEN
Yasushi Hayashi
yasi at yasi.to
Mon Apr 2 01:20:09 UTC 2007
>Number: 111119
>Category: ports
>Synopsis: [update] www/zope change to FORBIDDEN
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 02 01:20:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Yasushi Hayashi
>Release: FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
FreeBSD www.yasi.to 6.2-STABLE FreeBSD 6.2-STABLE #5: Fri Mar 30 14:25:55 JST 2007 yasi at www.yasi.to:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Zope.org announced cross-site scripting vulnerability in Zope 2.7.x.
But there is no Hotfix supported offcially.
See: http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/README.txt
The time has come that Zope 2.7.x should be FORBIDDEN.
Next, I MUST change Mk/bsd.python.mk to remove Zope 2.7.x.
But I don't have certain idea for it.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -urN /usr/ports/www/zope.old/Makefile /usr/ports/www/zope/Makefile
--- /usr/ports/www/zope.old/Makefile Mon Apr 2 09:15:40 2007
+++ /usr/ports/www/zope/Makefile Mon Apr 2 09:21:00 2007
@@ -17,6 +17,8 @@
MAINTAINER= estartu at augusta.de
COMMENT= An object-based web application platform
+FORBIDDEN= There is NO official supported HotFix for cross-site-scripting vulnerability.
+
WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final
USE_PYTHON= 2.3
USE_RC_SUBR= yes
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list