Subject: CVS commit: [pkgsrc-2019Q3] pkgsrc/www/davical
From: Benny Siegert
Date: 2019-12-12 13:13:11
Message id: 20191212121311.E366FFA97@cvs.NetBSD.org
Log Message:
Pullup ticket #6100 - requested by hauke
www/davical: security fix

Revisions pulled up:
- www/davical/Makefile                                          1.42
- www/davical/PLIST                                             1.12
- www/davical/distinfo                                          1.17

---
   Module Name:    pkgsrc
   Committed By:   hauke
   Date:           Thu Dec 12 08:12:27 UTC 2019

   Modified Files:
            pkgsrc/www/davical: Makefile PLIST distinfo

   Log Message:
   Update www/davical to v1.1.9.2

    >From upstream's changelog:

   1.1.9.2:

   Bug Fixes

        Fix CSRF not being checked in collection-edit.php

   Other Changes

        use foreach() instead of deprecated each()

   1.1.9.1:

   Bug Fixes

        Corrects reflected cross-site scripting (XSS) vulnerability
        Corrects persistent XSS vulnerability in user/group/resource details
        Corrects persistent XSS vulnerability in user/group/resource list
        Adds token to address cross-site request forgery (CSRF) vulnerability
        Corrects syntax error in name of collection_id
        Make calquery aware of default timezone
        Corrections to range-based calendar queries
        Add missing 'break' to rrule.php

   Other Changes

        Updated PHP version requirement
Files:
RevisionActionfile
1.38.2.1modifypkgsrc/www/davical/Makefile
1.11.4.1modifypkgsrc/www/davical/PLIST
1.15.4.1modifypkgsrc/www/davical/distinfo