ports/110350: [PATCH] (security?) upgrade of sql-ledger
Antoine Beaupre
anarcat at koumbit.org
Thu Mar 15 19:40:06 UTC 2007
>Number: 110350
>Category: ports
>Synopsis: [PATCH] (security?) upgrade of sql-ledger
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 15 19:40:06 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Antoine Beaupre
>Release: FreeBSD 6.2-RELEASE-p2 i386
>Organization:
Koumbit
>Environment:
System: FreeBSD lethe.koumbit.net 6.2-RELEASE-p2 FreeBSD 6.2-RELEASE-p2 #0: Fri Mar 9 14:54:27 EST 2007 anarcat at lethe.koumbit.net:/usr/obj/usr/src/sys/LETHE6 i386
SQL-Ledger < 2.2.26.
>Description:
The current version of SQL-Ledger in the ports system is vulnerable to an "authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x." 2.6.26 was released to correct this problem.
http://www.securityfocus.com/archive/1/462375
>How-To-Repeat:
N/A
>Fix:
--- Makefile.orig Mon Mar 12 13:04:58 2007
+++ Makefile Mon Mar 12 13:05:25 2007
@@ -6,7 +6,7 @@
#
PORTNAME= sql-ledger
-PORTVERSION= 2.6.25
+PORTVERSION= 2.6.26
CATEGORIES= finance perl5
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \
http://www.sql-ledger.com/source/
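Review bot: the PORTVERSION line is the only Makefile change, so nothing in the ports tree will record that 2.6.26 is a security fix. Since the description reports an authentication bypass in the version being replaced, I'd pair this with a security/vuxml entry and cite the advisory URL from the description in the commit message, so existing 2.6.25 installs get flagged. The Environment field reads "SQL-Ledger < 2.2.26" while this hunk and the description use 2.6.26; please confirm the affected range before it is written into any entry.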
--- distinfo.orig Mon Mar 12 13:05:03 2007
+++ distinfo Mon Mar 12 13:06:28 2007
@@ -1,3 +1,3 @@
-MD5 (sql-ledger-2.6.25.tar.gz) = 76ae71da3a8d5863aabb8bc8bd72bccb
-SHA256 (sql-ledger-2.6.25.tar.gz) = 0fa9bf0bf6b40c9e31075c3790124879cdd507d616d2748e59c21e2b4d96057a
-SIZE (sql-ledger-2.6.25.tar.gz) = 3048626
+MD5 (sql-ledger-2.6.26.tar.gz) = c47b5cfc4a743f8234f0719a3e41eaf9
+SHA256 (sql-ledger-2.6.26.tar.gz) = c4bfb12c2793341e408f8c417fa0c4c52b7ad9da59944a196cfae5ccfef7c005
+SIZE (sql-ledger-2.6.26.tar.gz) = 3048615
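Review bot: the three added lines (MD5, SHA256 and SIZE for sql-ledger-2.6.26.tar.gz) are values supplied in the report, and for a security update they should be verified independently rather than committed as submitted. Fetch the tarball from the port's MASTER_SITES, regenerate with `make makesum`, and check that the result matches these lines; a mismatch in any of the three should block the commit until it is explained.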
--- pkg-plist.orig Mon Mar 12 13:05:10 2007
+++ pkg-plist Mon Mar 12 13:12:56 2007
@@ -109,7 +109,7 @@
sql-ledger/doc/UPGRADE-2.4.16-2.6.0
sql-ledger/doc/UPGRADE-2.4.2-2.4.3
sql-ledger/doc/UPGRADE-2.4.3-2.4.16
-sql-ledger/doc/UPGRADE-2.6.0-2.6.25
+sql-ledger/doc/UPGRADE-2.6.0-2.6.26
sql-ledger/doc/faq.html
sql-ledger/favicon.ico
sql-ledger/gl.pl
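Review bot: the renamed sql-ledger/doc/UPGRADE-2.6.0-2.6.26 entry is the only pkg-plist change, which assumes the 2.6.26 tarball adds and removes no other files relative to 2.6.25. Please confirm that by installing the updated port and comparing the installed tree against pkg-plist before commit, since any file missing from the list would be left behind on deinstall.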
>Release-Note:
>Audit-Trail:
>Unformatted: