./www/contao35, Contao Open Source CMS 3.5.35

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2018Q1, Version: 3.5.35, Package name: php71-contao35-3.5.35, Maintainer: taca

Contao is an Open Source Content Management Framework developed by Leo Feyer
and distributed under the LGPL license (see GPL.txt and LGPL.txt for more
information). It was formerly known as TYPOlight Open Source CMS.

Its open architecture allows everybody to extend the system to fit his
needs. Contao specializes in accessible websites and is accessbile
itself (front end and back end), rendering valid HTML5 or XHTML pages.

This is version 3.5 stable, LTS (Long Term Support) release.

DEINSTALL [+/-]

Required to run:
[databases/php-mysqli] [net/php-soap] [graphics/php-gd] [archivers/php-zlib] [security/php-pecl-mcrypt] [www/php-curl] [shells/bash] [converters/php-mbstring]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 398499e9e817e3f207a445135c654b7802e02a54
RMD160: 44ce17190a219f85740a490a8599e2edb5db9111
Filesize: 10940.914 KB

Version history: (Expand)


CVS history: (Expand)


   2018-05-06 11:29:50 by S.P.Zeidler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #5743 - requested by taca
www/contao35: security update

Revisions pulled up:
- www/contao35/Makefile                                         1.39
- www/contao35/distinfo                                         1.31

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 23 14:00:18 UTC 2018

   Modified Files:
   	pkgsrc/www/contao35: Makefile distinfo

   Log message:
   www/contao35: update to 3.5.35

   Version 3.5.35 (2018-04-18)
   ---------------------------

   ### Fixed
   Fix an XSS vulnerability in the system log (see CVE-2018-10125).

   CVE-2018-10125

   With a manipulated request, an attacker can implant a script which is executed
   when a logged in back end user opens the system log.  The attacker themselves
   does not have to be logged in.

   The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
   4.5.7. We highly recommend you to update.

   To generate a diff of this commit:
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/www/contao35/Makefile
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/contao35/distinfo