From nobody@FreeBSD.org  Mon Oct  7 04:39:37 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 1215CD10
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  7 Oct 2013 04:39:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id F2A442346
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  7 Oct 2013 04:39:36 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r974daQ9035125
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 7 Oct 2013 04:39:36 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r974daLR035120;
	Mon, 7 Oct 2013 04:39:36 GMT
	(envelope-from nobody)
Message-Id: <201310070439.r974daLR035120@oldred.freebsd.org>
Date: Mon, 7 Oct 2013 04:39:36 GMT
From: Dewayne <dewayne.geraghty@heuristicsystems.com.au>
To: freebsd-gnats-submit@FreeBSD.org
Subject: egroupware remote access vulnerability
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         182781
>Category:       ports
>Synopsis:       deskutils/egroupware remote access vulnerability
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    danilo
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 07 04:40:01 UTC 2013
>Closed-Date:    Mon Oct 07 15:04:01 UTC 2013
>Last-Modified:  Tue Oct 08 02:17:18 UTC 2013
>Originator:     Dewayne
>Release:        FreeBSD 9.2S
>Organization:
>Environment:
>Description:
egroupware has a remote access security vulnerability.  Mitigated in version 1.8.05, identified at
http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/eGroupware-1.8.005.20131001/

Its difficult to ascertain what the actual problem is.  The egroupware team have rated 9 CVE vulnerabilities since 2007 as low.

It would be prudent to update the application.

Ref:
http://www.cvedetails.com/product/4141/Egroupware-Egroupware.html?vendor_id=2373 


>How-To-Repeat:

>Fix:
In Makefile
-PORTVERSION=   1.8.004.20130831
+PORTVERSION=   1.8.005.20131001


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->danilo 
Responsible-Changed-By: danilo 
Responsible-Changed-When: Mon Oct 7 14:19:31 UTC 2013 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=182781 
State-Changed-From-To: open->closed 
State-Changed-By: danilo 
State-Changed-When: Mon Oct 7 15:03:59 UTC 2013 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=182781 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/182781: commit references a PR
Date: Mon,  7 Oct 2013 15:03:48 +0000 (UTC)

 Author: danilo
 Date: Mon Oct  7 15:03:41 2013
 New Revision: 329709
 URL: http://svnweb.freebsd.org/changeset/ports/329709
 
 Log:
   - Update from 1.8.004.20130831 to 1.8.005.20131001 [1]
   - Change maintainer email to @FreeBSD.org
   
   Changelog: http://svn.stylite.de/viewvc/egroupware/branches/1.8/egroupware/doc/rpm-build/debian.changes?view=markup
   
   PR:		ports/182781
   Submitted by:	Dewayne <dewayne.geraghty@heuristicsystems.com.au> [1]
   Approved by:	wg/culot (mentors, implicit)
 
 Modified:
   head/deskutils/egroupware/Makefile
   head/deskutils/egroupware/distinfo
 
 Modified: head/deskutils/egroupware/Makefile
 ==============================================================================
 --- head/deskutils/egroupware/Makefile	Mon Oct  7 14:20:25 2013	(r329708)
 +++ head/deskutils/egroupware/Makefile	Mon Oct  7 15:03:41 2013	(r329709)
 @@ -2,13 +2,13 @@
  # $FreeBSD$
  
  PORTNAME=	eGroupware
 -PORTVERSION=	1.8.004.20130831
 +PORTVERSION=	1.8.005.20131001
  CATEGORIES=	deskutils
  MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}-1.8/${PORTNAME}-${PORTVERSION}
  DISTFILES=	${PORTNAME}-${PORTVERSION}.tar.bz2 \
  		${PORTNAME}-egw-pear-${PORTVERSION}.tar.bz2
  
 -MAINTAINER=	danilogondolfo@gmail.com
 +MAINTAINER=	danilo@FreeBSD.org
  COMMENT=	Web-based GroupWare system
  
  BUILD_DEPENDS=	${PEARDIR}/Auth/SASL.php:${PORTSDIR}/security/pear-Auth_SASL \
 
 Modified: head/deskutils/egroupware/distinfo
 ==============================================================================
 --- head/deskutils/egroupware/distinfo	Mon Oct  7 14:20:25 2013	(r329708)
 +++ head/deskutils/egroupware/distinfo	Mon Oct  7 15:03:41 2013	(r329709)
 @@ -1,4 +1,4 @@
 -SHA256 (eGroupware-1.8.004.20130831.tar.bz2) = d1b4cbd32647cdfcc5ba74d8a532ae660b25954b8ef5bb75b7bf3d5599a59a0f
 -SIZE (eGroupware-1.8.004.20130831.tar.bz2) = 10784621
 -SHA256 (eGroupware-egw-pear-1.8.004.20130831.tar.bz2) = 0dc9988459190a5ee544d0432dbbfb8bca5b033f249ccb3c8a7721488ac444fd
 -SIZE (eGroupware-egw-pear-1.8.004.20130831.tar.bz2) = 76045
 +SHA256 (eGroupware-1.8.005.20131001.tar.bz2) = 62013a411e38fbe58516764aca000165eafab938d2d96ad229bb4143841c9eb0
 +SIZE (eGroupware-1.8.005.20131001.tar.bz2) = 10779109
 +SHA256 (eGroupware-egw-pear-1.8.005.20131001.tar.bz2) = af0aa19de9d20f5d380b9a6394899a35a56f8030aa64b23d593a2676e708b2b2
 +SIZE (eGroupware-egw-pear-1.8.005.20131001.tar.bz2) = 76481
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
>Unformatted:
