Subject: CVS commit: [pkgsrc-2018Q1] pkgsrc/www/contao44
From: S.P.Zeidler
Date: 2018-05-06 12:23:06
Message id: 20180506102306.9D539FBEC@cvs.NetBSD.org

Log Message:
Pullup ticket #5744 - requested by taca
www/contao44: security update

Revisions pulled up:
- www/contao44/Makefile                                         1.18
- www/contao44/PLIST                                            1.15
- www/contao44/distinfo                                         1.16

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 23 14:19:00 UTC 2018

   Modified Files:
   	pkgsrc/www/contao44: Makefile PLIST distinfo

   Log Message:
   www/contao44: update to 4.4.18

   Contao 4.4.17 (2018-04-04)

   Contao version 4.4.17 is available.  The bugfix release fixes a few minor
   issues including a problem with rendering custom layout sections.

   Contao 4.4.18 (2018-04-18)

   Contao version 4.4.18 is available.  The bugfix release fixes an XSS
   vulnerability in the system log of the back end (CVE-2018-10125).

   CVE-2018-10125

   With a manipulated request, an attacker can implant a script which is executed
   when a logged in back end user opens the system log.  The attacker themselves
   does not have to be logged in.

   The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
   4.5.7. We highly recommend you to update.

   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/contao44/Makefile
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/contao44/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/contao44/distinfo

Files:
RevisionActionfile
1.17.2.1modifypkgsrc/www/contao44/Makefile
1.14.2.1modifypkgsrc/www/contao44/PLIST
1.15.2.1modifypkgsrc/www/contao44/distinfo