Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Pullup ticket #5745 - requested by taca
www/contao45: security update
Revisions pulled up:
- www/contao45/Makefile 1.6
- www/contao45/PLIST 1.6
- www/contao45/distinfo 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 23 14:30:45 UTC 2018
Modified Files:
pkgsrc/www/contao45: Makefile PLIST distinfo
Log Message:
www/contao45: update to 4.5.8
Contao 4.5.7 (2018-04-04)
Contao version 4.5.7 is available. The bugfix release fixes a few minor
issues including a problem with validating the request token and a problem
with rendering custom layout sections.
Contao 4.5.8 (2018-04-18)
Contao version 4.5.8 is available. The bugfix release fixes an XSS
vulnerability in the system log of the back end (CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/contao45/Makefile \
pkgsrc/www/contao45/PLIST pkgsrc/www/contao45/distinfo
| Revision | Action | file |
| 1.5.2.1 | modify | pkgsrc/www/contao45/Makefile |
| 1.5.2.1 | modify | pkgsrc/www/contao45/PLIST |
| 1.5.2.1 | modify | pkgsrc/www/contao45/distinfo |