From wtp@bsdserwis.com  Mon Jul  2 13:16:59 2012
Return-Path: <wtp@bsdserwis.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 79CE41065676
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  2 Jul 2012 13:16:59 +0000 (UTC)
	(envelope-from wtp@bsdserwis.com)
Received: from mx1.bsdserwis.com (ns37332.ovh.net [91.121.4.86])
	by mx1.freebsd.org (Postfix) with ESMTP id 44AB28FC15
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  2 Jul 2012 13:16:58 +0000 (UTC)
Received: by mx1.bsdserwis.com (Postfix, from userid 1000)
	id BBD6B2CA45B4; Mon,  2 Jul 2012 15:16:57 +0200 (CEST)
Message-Id: <20120702131657.BBD6B2CA45B4@mx1.bsdserwis.com>
Date: Mon,  2 Jul 2012 15:16:57 +0200 (CEST)
From: Krzysztof Stryjek <ports@bsdserwis.com>
Reply-To: Krzysztof Stryjek <ports@bsdserwis.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: update phpList to new 2.10.18 version due to vulnerabilities
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         169600
>Category:       ports
>Synopsis:       update phpList to new 2.10.18 version due to vulnerabilities
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    wxs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 02 13:20:05 UTC 2012
>Closed-Date:    Tue Jul 03 02:06:39 UTC 2012
>Last-Modified:  Tue Jul  3 02:10:01 UTC 2012
>Originator:     Krzysztof Stryjek
>Release:        FreeBSD 7.3-STABLE amd64
>Organization:
private
>Environment:
System: FreeBSD cmd 7.3-STABLE FreeBSD 7.3-STABLE #1: Fri May 7 15:18:19 CEST 2010 toor@cmd:/home/usr/obj/home/usr/src/sys/AQQ amd64
>Description:
	PhpList till 2.10.17 has XSS and SQL injection vulnerabilities. So
there is a new 2.10.18 version.
>How-To-Repeat:
	cd mail/phplist && make all install clean
>Fix:
There is a patch to apply the new version of phpList:

diff -ruN phplist.orig/Makefile phplist/Makefile
--- phplist.orig/Makefile	2011-10-17 06:35:01.000000000 +0200
+++ phplist/Makefile	2012-06-28 01:50:58.000000000 +0200
@@ -5,7 +5,7 @@
 # $FreeBSD: ports/mail/phplist/Makefile,v 1.10 2011/10/17 04:35:01 dougb Exp $
 
 PORTNAME=	phplist
-PORTVERSION=	2.10.17
+PORTVERSION=	2.10.18
 CATEGORIES=	mail www
 MASTER_SITES=	SF
 EXTRACT_SUFX=	.tgz
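Review bot: The PORTVERSION bump to 2.10.18 is submitted as a fix for XSS and SQL injection, but nothing in the patch or the description names the advisory or says which issues the new release closes. Please cite the upstream announcement in the PR and pair this change with a security/vuxml entry covering versions up to 2.10.17, so that machines still running the old port are flagged by the audit tooling rather than relying on administrators noticing the version bump.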
diff -ruN phplist.orig/distinfo phplist/distinfo
--- phplist.orig/distinfo	2011-10-05 14:30:55.000000000 +0200
+++ phplist/distinfo	2012-06-28 01:51:53.000000000 +0200
@@ -1,2 +1,2 @@
-SHA256 (phplist-2.10.17.tgz) = 84139766c9c2169c9a20ae869f0bfe9d7c32739126ab037ee2f153e571fcfa31
-SIZE (phplist-2.10.17.tgz) = 2297323
+SHA256 (phplist-2.10.18.tgz) = 0a1a246d4f54a34840b607dc9a8f57d70f0756bd39ae7be75c8d741932018599
+SIZE (phplist-2.10.18.tgz) = 2297328
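Review bot: The new SHA256 and SIZE lines for phplist-2.10.18.tgz come from a single fetch by the submitter, and once committed they become the value every build trusts. Before committing, fetch the tarball independently from MASTER_SITES and confirm both values match, and compare against an upstream-published checksum if one exists. The size differs from 2.10.17 by only five bytes (2297323 vs 2297328), so it is also worth diffing the two extracted trees to confirm that the security fixes described in the PR are actually present in this distfile.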

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->wxs 
Responsible-Changed-By: wxs 
Responsible-Changed-When: Tue Jul 3 01:18:27 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=169600 
State-Changed-From-To: open->closed 
State-Changed-By: wxs 
State-Changed-When: Tue Jul 3 02:06:38 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=169600 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/169600: commit references a PR
Date: Tue,  3 Jul 2012 02:06:34 +0000 (UTC)

 wxs         2012-07-03 02:06:24 UTC
 
   FreeBSD ports repository
 
   Modified files:
     mail/phplist         Makefile distinfo 
   Log:
   Update to 2.10.18
   
   PR:             ports/169600
   Submitted by:   Krzysztof Stryjek <ports@bsdserwis.com> (maintainer)
   Security:       fd8bac56-c444-11e1-864b-001cc0877741
   
   Revision  Changes    Path
   1.11      +1 -1      ports/mail/phplist/Makefile
   1.7       +2 -2      ports/mail/phplist/distinfo
 
>Unformatted:
