Subject: CVS commit: [pkgsrc-2018Q1] pkgsrc/www/contao35
From: S.P.Zeidler
Date: 2018-05-06 11:29:50
Message id: 20180506092950.2F8EAFBEC@cvs.NetBSD.org
Log Message:
Pullup ticket #5743 - requested by taca
www/contao35: security update

Revisions pulled up:
- www/contao35/Makefile                                         1.39
- www/contao35/distinfo                                         1.31

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 23 14:00:18 UTC 2018

   Modified Files:
   	pkgsrc/www/contao35: Makefile distinfo

   Log Message:
   www/contao35: update to 3.5.35

   Version 3.5.35 (2018-04-18)
   ---------------------------

   ### Fixed
   Fix an XSS vulnerability in the system log (see CVE-2018-10125).

   CVE-2018-10125

   With a manipulated request, an attacker can implant a script which is executed
   when a logged in back end user opens the system log.  The attacker themselves
   does not have to be logged in.

   The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
   4.5.7. We highly recommend you to update.

   To generate a diff of this commit:
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/www/contao35/Makefile
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/contao35/distinfo
Files:
RevisionActionfile
1.38.2.1modifypkgsrc/www/contao35/Makefile
1.30.2.1modifypkgsrc/www/contao35/distinfo