ports/126065: [MAINTAINER] www/pivot-weblog: update to 1.40.6

Hans Fredrik Nordhaug hans at nordhaug.priv.no
Tue Jul 29 06:40:02 UTC 2008 

>Number:         126065
>Category:       ports
>Synopsis:       [MAINTAINER] www/pivot-weblog: update to 1.40.6
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 29 06:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Hans Fredrik Nordhaug
>Release:        FreeBSD 6.3-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD nordhaug.priv.no 6.3-RELEASE-p3 
>Description:
- Update to 1.40.6

This is a security update fixing CVE-2008-3128 - a directory traversal vulnerability in all prior Pivot 
1.40.x releases that for examples allows an attacker to read the usernames and password hashes of the
Pivot installation.

It also contains other various fixes and improvements, but no new features.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- pivot-weblog-1.40.6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/Makefile /usr/ports/www/pivot-weblog.new/Makefile
--- /usr/ports/www/pivot-weblog/Makefile	2008-04-25 17:14:41.000000000 +0200
+++ /usr/ports/www/pivot-weblog.new/Makefile	2008-07-16 18:39:53.000000000 +0200
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	pivot-weblog
-PORTVERSION=	1.40.5
+PORTVERSION=	1.40.6
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
-DISTNAME=	pivot_1405_full
+DISTNAME=	pivot_1406_full
 
 MAINTAINER=	hans at nordhaug.priv.no
 COMMENT=	A web-based tool to help you maintain weblogs (or other dynamic sites)
diff -ruN --exclude=CVS /usr/ports/www/pivot-weblog/distinfo /usr/ports/www/pivot-weblog.new/distinfo
--- /usr/ports/www/pivot-weblog/distinfo	2008-04-25 17:14:41.000000000 +0200
+++ /usr/ports/www/pivot-weblog.new/distinfo	2008-07-29 08:07:01.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (pivot_1405_full.zip) = 2a403301adfd5c08a53235d19db25897
-SHA256 (pivot_1405_full.zip) = 010043940c69b153796fdadbbed847a5bcf4246419d1b2de9edf9dddd8887346
-SIZE (pivot_1405_full.zip) = 2223749
+MD5 (pivot_1406_full.zip) = 126d19b9f1e76c40c372609ef0d6f08d
+SHA256 (pivot_1406_full.zip) = 57007d0f81e695cb19510a11a07e8a3436ff319e927119d703f11ad49f0990a1
+SIZE (pivot_1406_full.zip) = 2224093
--- pivot-weblog-1.40.6.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list