Subject: CVS commit: pkgsrc/www/passenger
From: Filip Hajny
Date: 2018-06-13 14:57:47
Message id:

Log Message:
www/passenger: Update to 5.3.2.

- [Nginx] Fixes CVE-2018-12029, a local privilege escalation
  vulnerability in the Nginx module that occurs when
  `passenger_instance_registry_dir` is configured to a directory
  with insufficiently strict permissions.
- Fixes CVE-2018-12026, 12027, and 12028. These are local denial of
  service, local information disclosure and local privilege escalation
  vulnerabilities that could be exploited by malicious applications or
  malicious users on the system.
- Fixes Meteor support in non-bundled mode (regression from 5.3.0).
- Fixes the fact that the error page (which is shown when an app fails
  to spawn) sometimes contains unsufficient analysis details about the
- [Apache] Fixes PassengerMaxInstancesPerApp not being respected
  (regression from config refactor in 5.2.0).
- [Enterprise, Apache] Fixes PassengerMaxInstances not being respected
  (regression from config refactor in 5.2.0).
- [Enterprise] Fixes passenger-irb being unable to connect to an app
  process (regression from 5.3.0).