From monnerville@iap.fr  Mon Jan 26 12:55:31 2009
Return-Path: <monnerville@iap.fr>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C88D7106567F
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 26 Jan 2009 12:55:31 +0000 (UTC)
	(envelope-from monnerville@iap.fr)
Received: from rasteau.iap.fr (rasteau.iap.fr [194.167.0.195])
	by mx1.freebsd.org (Postfix) with ESMTP id 8E1A88FC13
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 26 Jan 2009 12:55:31 +0000 (UTC)
	(envelope-from monnerville@iap.fr)
Received: from terabsd.iap.fr ([194.57.221.7])
	by rasteau.iap.fr with esmtp (Exim 4.67)
	(envelope-from <monnerville@iap.fr>)
	id 1LRQUG-00044b-SH; Mon, 26 Jan 2009 13:22:44 +0100
Received: from terabsd.iap.fr (localhost [127.0.0.1])
	by terabsd.iap.fr (Postfix) with ESMTP id A255746141A;
	Mon, 26 Jan 2009 13:24:25 +0100 (CET)
Received: (from root@localhost)
	by terabsd.iap.fr (8.14.3/8.14.3/Submit) id n0QCOPZp073273;
	Mon, 26 Jan 2009 13:24:25 +0100 (CET)
	(envelope-from mathias)
Message-Id: <200901261224.n0QCOPZp073273@terabsd.iap.fr>
Date: Mon, 26 Jan 2009 13:24:25 +0100 (CET)
From: Mathias Monnerville <mathias@monnerville.com>
Reply-To: Mathias Monnerville <mathias@monnerville.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: mathias@monnerville.com
Subject: [maintainer update] www/glpi 0.71.4 (security fix)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         131011
>Category:       ports
>Synopsis:       [maintainer update] www/glpi 0.71.4 (security fix)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pgollucci
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 26 13:00:01 UTC 2009
>Closed-Date:    Wed Jan 28 05:22:19 UTC 2009
>Last-Modified:  Wed Jan 28 05:30:04 UTC 2009
>Originator:     Mathias Monnerville
>Release:        FreeBSD 7.1-BETA amd64
>Organization:
>Environment:
System: FreeBSD terabsd.iap.fr 7.1-BETA FreeBSD 7.1-BETA #0: Sun Sep 7 09:38:41 UTC 2008 root@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64


	
>Description:
	A security issue has been found and fixed recently (SQL injection).
	
>How-To-Repeat:
	
>Fix:

	

--- glpi.diff begins here ---
diff -ur glpi.orig/Makefile glpi/Makefile
--- glpi.orig/Makefile	2008-12-03 12:03:19.000000000 +0100
+++ glpi/Makefile	2009-01-26 13:05:47.000000000 +0100
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	glpi
-DISTVERSION=	0.71.3
+DISTVERSION=	0.71.4
 CATEGORIES=	www
 MASTER_SITES=	http://glpi-project.org/IMG/gz/ \
 		http://download.gna.org/kanicule/freebsd/distfiles/
diff -ur glpi.orig/distinfo glpi/distinfo
--- glpi.orig/distinfo	2008-12-03 12:03:19.000000000 +0100
+++ glpi/distinfo	2009-01-26 11:11:34.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (glpi-0.71.3.tar.gz) = 0ad7e379f69cc81c59d5b297ab83474a
-SHA256 (glpi-0.71.3.tar.gz) = 72af0e4f45bd10e61f16a10e992146018cd785a7e33014bf3947a4e9da3c4c95
-SIZE (glpi-0.71.3.tar.gz) = 2025536
+MD5 (glpi-0.71.4.tar.gz) = d7e4ae789408616b67ea6d598bc3cc51
+SHA256 (glpi-0.71.4.tar.gz) = 5b5e4fbd2ab60f04841045aff5f9947c7abc7c0b277618450f474b06b8786d1b
+SIZE (glpi-0.71.4.tar.gz) = 2023198
diff -ur glpi.orig/pkg-plist glpi/pkg-plist
--- glpi.orig/pkg-plist	2008-12-03 12:03:19.000000000 +0100
+++ glpi/pkg-plist	2009-01-26 11:48:49.000000000 +0100
@@ -1,4 +1,3 @@
-www/glpi/AUTHORS.txt
 www/glpi/CHANGELOG.txt
 www/glpi/COPYING.txt
 www/glpi/LISEZMOI.txt
--- glpi.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->pgollucci 
Responsible-Changed-By: pgollucci 
Responsible-Changed-When: Tue Jan 27 04:23:54 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131011 
State-Changed-From-To: open->feedback 
State-Changed-By: pgollucci 
State-Changed-When: Tue Jan 27 08:21:54 UTC 2009 
State-Changed-Why:  
feedback-pr 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131011 

From: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
To: bug-followup@FreeBSD.org, mathias@monnerville.com
Cc:  
Subject: Re: ports/131011: [maintainer update] www/glpi 0.71.4 (security fix)
Date: Tue, 27 Jan 2009 03:20:21 -0500

 is there a corresponding CVE or anything for this ?
 
 
 -- 
 ------------------------------------------------------------------------
 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
 Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354
 Consultant          - P6M7G8 Inc.                http://p6m7g8.net
 Senior Sys Admin    - RideCharge, Inc.           http://ridecharge.com
 Contractor          - PositiveEnergyUSA          http://positiveenergyusa.com
 ASF Member          - Apache Software Foundation http://apache.org
 FreeBSD Committer   - FreeBSD Foundation         http://freebsd.org
 
 Work like you don't need the money,
 love like you'll never get hurt,
 and dance like nobody's watching.

From: Mathias Monnerville <mathias@monnerville.com>
To: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/131011: [maintainer update] www/glpi 0.71.4 (security
	fix)
Date: Tue, 27 Jan 2009 12:11:21 +0100

 On Tue, Jan 27, 2009 at 03:20:21AM -0500, Philip M. Gollucci wrote:
 > is there a corresponding CVE or anything for this ?
 
 Nothing but an announcement on their official website (and ML):
 http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
 
State-Changed-From-To: feedback->open 
State-Changed-By: pgollucci 
State-Changed-When: Wed Jan 28 04:12:27 UTC 2009 
State-Changed-Why:  
feedback received 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131011 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/131011: commit references a PR
Date: Wed, 28 Jan 2009 05:07:56 +0000 (UTC)

 pgollucci    2009-01-28 05:07:48 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/vuxml       vuln.xml 
   Log:
   Document glpi -- SQL Injection vulnerabilty
   
   PR:             ports/131011
   Submitted by:   Mathias Monnerville <mathias@monnerville.com>
   
   Revision  Changes    Path
   1.1832    +29 -1     ports/security/vuxml/vuln.xml
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: pgollucci 
State-Changed-When: Wed Jan 28 05:22:18 UTC 2009 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131011 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/131011: commit references a PR
Date: Wed, 28 Jan 2009 05:22:13 +0000 (UTC)

 pgollucci    2009-01-28 05:22:03 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/glpi             Makefile distinfo pkg-plist 
   Log:
   - update to 0.71.4
   
   PR:             ports/131011
   Submitted by:   Mathias Monnerville <mathias@monnerville.com> (maintainer)
   Security:       http://www.vuxml.org/freebsd/2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8.html
   
   Revision  Changes    Path
   1.11      +1 -1      ports/www/glpi/Makefile
   1.9       +3 -3      ports/www/glpi/distinfo
   1.7       +0 -1      ports/www/glpi/pkg-plist
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
