Subject: CVS commit: [pkgsrc-2010Q1] pkgsrc/www/geeklog
From: Matthias Scheler
Date: 2010-05-18 00:38:02
Message id: 20100517223802.B5D1C175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3123 - requested by taca
www/geeklog: security update

Revisioned pulled up:
- www/geeklog/Makefile			1.27
- www/geeklog/distinfo			1.13
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon May 17 15:46:38 UTC 2010

Modified Files:
	pkgsrc/www/geeklog: Makefile distinfo

Log Message:
Update geeklog package to 1.6.1.1 (1.6.1sr1).

May 9, 2010 (1.6.1sr1)
------------

This release addresses the following security issue:

The autologin (using the long-term session cookie) is vulnerable to dictionary
attacks. This issue was originally reported by Bookoo of the Nine Situations
Group in one of his reports in April 2009 but apparently overlooked by the
Geeklog Team. Thanks to geeklog.net user Jack for pointing this out.

Files:
RevisionActionfile
1.26.2.1modifypkgsrc/www/geeklog/Makefile
1.12.4.1modifypkgsrc/www/geeklog/distinfo