cvs commit: ports/www/joomla Makefile distinfo pkg-plist
Remko Lodder
remko at FreeBSD.org
Mon Nov 28 17:01:13 GMT 2005
Sergey Matveychuk wrote:
> sem 2005-11-28 07:30:34 UTC
>
> FreeBSD ports repository
>
> Modified files:
> www/joomla Makefile distinfo pkg-plist
> Log:
> - Update to 1.0.4
> It fixes 6 Security Vulnerabilities:
>
> Critical Level Threats
> Potential XSS injection through GET and other variables
> - Affects all previous versions of Joomla! and Mambo 4.5.2.3
> Hardened SEF against XSS injection
> - Affects all previous versions of Joomla! and Mambo 4.5.2.3
>
> Low Level Threats
> Potential SQL injection in Polls modules through the Itemid variable
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
> Potential SQL injection in several methods in mosDBTable class
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
> Potential misuse of Media component file management functions
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
> Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
> - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>
> PR: ports/89596
> Submitted by: Francisco Alves Cabrita (maintainer)
>
Hi Sem,
Thanks for updating Joomla, but please use Security:
tags in your commit msg if it regards security updates.
That way automated scripts can easily spot what kind of update
this was.
It would also have been great if there was a pointer to the
issue like an announcement or something :-)
Cheers,
Remko
--
Kind regards,
Remko Lodder ** remko at elvandar.org
FreeBSD ** remko at FreeBSD.org