Path to this page:
Subject: CVS commit: [pkgsrc-2017Q4] pkgsrc/www/contao35
From: S.P.Zeidler
Date: 2018-01-19 23:11:35
Message id: 20180119221135.E35FFFBDE@cvs.NetBSD.org
Log Message:
Pullup ticket #5686 - requested by taca
www/contao35: security update
Revisions pulled up:
- www/contao35/Makefile 1.36
- www/contao35/PLIST 1.18
- www/contao35/distinfo 1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 18 16:13:31 UTC 2018
Modified Files:
pkgsrc/www/contao35: Makefile PLIST distinfo
Log Message:
www/contao35: update to 3.5.32
Contao 3.5.32 is available 2018/01/18 09:48 by Leo Feyer
Contao version 3.5.32 is available. The bugfix release fixes an XSS
vulnerability in the newsletter extension (CVE-2018-5478).
CVE-2018-5478
The vulnerability is in the "unsubscribe" module of the newsletter \
extension
and can easily be exploited by anyone in the front end. We therefore strongly
recommend you to update.
The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle
4.0.0 to 4.0.3.
If you are not using the newsletter extension or the "unsubscribe" \
module,
your installation is not affected by the vulnerability.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/contao35/PLIST
cvs rdiff -u -r1.27 -r1.28 pkgsrc/www/contao35/distinfo
Files: