ports/169600: update phpList to new 2.10.18 version due to vulnerabilities

Mon Jul 2 13:20:06 UTC 2012

>Number:         169600
>Category:       ports
>Synopsis:       update phpList to new 2.10.18 version due to vulnerabilities
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 02 13:20:05 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Krzysztof Stryjek
>Release:        FreeBSD 7.3-STABLE amd64
>Organization:
private
>Environment:
System: FreeBSD cmd 7.3-STABLE FreeBSD 7.3-STABLE #1: Fri May 7 15:18:19 CEST 2010 toor at cmd:/home/usr/obj/home/usr/src/sys/AQQ amd64
>Description:
	PhpList till 2.10.17 has XSS and SQL injection vulnerabilities. So
there is new 2.10.18 version.
>How-To-Repeat:
	cd mail/phplist && nake all install clean
>Fix:
There is patch to apply new version of phpList:

diff -ruN phplist.orig/Makefile phplist/Makefile

--- phplist.orig/Makefile	2011-10-17 06:35:01.000000000 +0200
+++ phplist/Makefile	2012-06-28 01:50:58.000000000 +0200
@@ -5,7 +5,7 @@
 # $FreeBSD: ports/mail/phplist/Makefile,v 1.10 2011/10/17 04:35:01 dougb Exp $
 
 PORTNAME=	phplist
-PORTVERSION=	2.10.17
+PORTVERSION=	2.10.18
 CATEGORIES=	mail www
 MASTER_SITES=	SF
 EXTRACT_SUFX=	.tgz
diff -ruN phplist.orig/distinfo phplist/distinfo
--- phplist.orig/distinfo	2011-10-05 14:30:55.000000000 +0200
+++ phplist/distinfo	2012-06-28 01:51:53.000000000 +0200
@@ -1,2 +1,2 @@
-SHA256 (phplist-2.10.17.tgz) = 84139766c9c2169c9a20ae869f0bfe9d7c32739126ab037ee2f153e571fcfa31
-SIZE (phplist-2.10.17.tgz) = 2297323
+SHA256 (phplist-2.10.18.tgz) = 0a1a246d4f54a34840b607dc9a8f57d70f0756bd39ae7be75c8d741932018599
+SIZE (phplist-2.10.18.tgz) = 2297328

>Release-Note:
>Audit-Trail:
>Unformatted:

