Sergey Matveychuk wrote:
sem 2005-11-28 07:30:34 UTC
FreeBSD ports repository
Modified files:
www/joomla Makefile distinfo pkg-plist
Log:
- Update to 1.0.4
It fixes 6 Security Vulnerabilities:
Critical Level Threats
Potential XSS injection through GET and other variables
- Affects all previous versions of Joomla! and Mambo 4.5.2.3
Hardened SEF against XSS injection
- Affects all previous versions of Joomla! and Mambo 4.5.2.3
Low Level Threats
Potential SQL injection in Polls modules through the Itemid variable
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential SQL injection in several methods in mosDBTable class
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential misuse of Media component file management functions
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Add search limit param (default of 50) to `Search` Mambots to prevent search
flooding
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
PR: ports/89596
Submitted by: Francisco Alves Cabrita (maintainer)
Hi Sem,
Thanks for updating Joomla, but please use Security:
tags in your commit msg if it regards security updates.
That way automated scripts can easily spot what kind of update
this was.
It would also have been great if there was a pointer to the
issue like an announcement or something :-)
Cheers,
Remko
--
Kind regards,
Remko Lodder ** [EMAIL PROTECTED]
FreeBSD ** [EMAIL PROTECTED]
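
The automated spotting Remko describes, as an added example (not part of the original message and not FreeBSD's own tooling). It assumes `Security:` is written as a trailer line like `PR:` and `Submitted by:`; the keyword list, function names and sample logs are constructed for illustration.

```python
import re

# Trailer lines ("PR:", "Submitted by:", "Security:") start a line in the log.
TRAILER_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):[ \t]*(.*)$")
# Assumed keyword list for spotting security fixes described only in free text.
KEYWORD_RE = re.compile(r"\b(security|vuln\w*|xss|sql injection)\b", re.I)


def parse_trailers(log):
    """Return {lower-cased key: [values]} for every 'Key: value' line."""
    trailers = {}
    for line in log.splitlines():
        m = TRAILER_RE.match(line)
        if m:
            key = m.group(1).strip().lower()
            trailers.setdefault(key, []).append(m.group(2).strip())
    return trailers


def classify(log):
    """'tagged' when a non-empty Security: trailer exists, 'untagged-security'
    when only the free text mentions security, otherwise 'other'."""
    if any(parse_trailers(log).get("security", [])):
        return "tagged"
    if KEYWORD_RE.search(log):
        return "untagged-security"
    return "other"


# Constructed samples: the first abbreviates the log quoted above; the second
# adds a Security: line with a placeholder pointer to an announcement.
UNTAGGED = """- Update to 1.0.4
It fixes 6 Security Vulnerabilities:
Potential SQL injection in Polls modules through the Itemid variable
PR: ports/89596
Submitted by: Francisco Alves Cabrita (maintainer)
"""
TAGGED = UNTAGGED + "Security: https://example.invalid/announcement\n"
ROUTINE = "- Fix pkg-plist ordering\n"  # constructed, no security content

if __name__ == "__main__":
    for name, log in [("untagged", UNTAGGED), ("tagged", TAGGED), ("routine", ROUTINE)]:
        print(name, "->", classify(log))
```

The `untagged-security` result is the case raised in the reply: the fix is only discoverable by keyword guessing, which a `Security:` trailer makes unnecessary.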