ports/85567: [maintainer] net/phpldapadmin -- security update to 0.9.7-alpha6
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Sep 1 13:00:41 UTC 2005
>Number: 85567
>Category: ports
>Synopsis: [maintainer] net/phpldapadmin -- security update to 0.9.7-alpha6
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 01 13:00:39 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 6.0-BETA3 i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lack-of-gravitas.thebunker.net 6.0-BETA3 FreeBSD 6.0-BETA3 #3: Tue Aug 30 13:36:31 BST 2005 root at lack-of-gravitas.thebunker.net:/usr/obj/usr/src/sys/LACK-OF-GRAVITAS i386
>Description:
Security update to version 0.9.7-alpha6 which closes the
vulnerabilities mentioned in:
http://secunia.com/advisories/16617/
http://secunia.com/advisories/16611/
(16617 in particular allows remote access to arbitrary files on the
web server or uploading files from an arbitrary location and executing
them in the context of the PHP interpreter in the httpd. Nasty.)
The following patches can be applied as a workaround if you don't want
to upgrade from 0.9.6c just yet:
http://cvs.sourceforge.net/viewcvs.py/phpldapadmin/phpldapadmin/login.php?r1=1.45&r2=1.46
http://cvs.sourceforge.net/viewcvs.py/phpldapadmin/phpldapadmin/welcome.php?r1=1.20&r2=1.21
>How-To-Repeat:
>Fix:
--- phpldapadmin.diff begins here ---
diff -Nur /usr/ports/net/phpldapadmin/Makefile phpldapadmin/Makefile
--- /usr/ports/net/phpldapadmin/Makefile Tue Jun 14 08:48:53 2005
+++ phpldapadmin/Makefile Thu Sep 1 13:22:39 2005
@@ -6,11 +6,12 @@
#
PORTNAME= phpldapadmin
-PORTVERSION= 0.9.6c
+PORTVERSION= 0.9.7.a6
PORTEPOCH= 1
CATEGORIES= net www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= phpldapadmin
+DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.a(.)/-alpha\1/}
MAINTAINER= m.seaman at infracaninophile.co.uk
COMMENT= A set of PHP-scripts to administer LDAP servers over the web
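Review bot: The new DISTNAME line rewrites the version with `C/\.a(.)/-alpha\1/`, where `(.)` accepts any character after `.a`, not only a digit, and nothing in the Makefile says why the rewrite is needed. Restricting the capture to `[0-9]` would keep the substitution from firing on an unexpected version string, and a one-line comment above DISTNAME noting that PORTVERSION `0.9.7.a6` stands for the upstream tarball name `phpldapadmin-0.9.7-alpha6` would help the next person who bumps the version.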
diff -Nur /usr/ports/net/phpldapadmin/distinfo phpldapadmin/distinfo
--- /usr/ports/net/phpldapadmin/distinfo Tue Jun 7 09:00:11 2005
+++ phpldapadmin/distinfo Thu Sep 1 13:23:03 2005
@@ -1,2 +1,2 @@
-MD5 (phpldapadmin-0.9.6c.tar.gz) = 8404fa6f0ad3185cc9353c94bf44ae56
-SIZE (phpldapadmin-0.9.6c.tar.gz) = 707109
+MD5 (phpldapadmin-0.9.7-alpha6.tar.gz) = 08109739708f5b00c197422fb883a7b9
+SIZE (phpldapadmin-0.9.7-alpha6.tar.gz) = 739882
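Review bot: The replacement distinfo entries verify the new tarball with MD5 and SIZE only, which is a weak integrity check for a distfile whose whole purpose is a security fix. If the ports framework in use accepts it, add a SHA256 line for phpldapadmin-0.9.7-alpha6.tar.gz next to the MD5 line. Whoever commits this should also regenerate the values from a freshly fetched distfile rather than relying on the ones in this mail.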
--- phpldapadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: