CVS commit: pkgsrc/devel/rt4

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/devel/rt4
From: "Ryo ONODERA" <ryoon%netbsd.org@localhost>
Date: Sat, 30 Jan 2016 23:54:20 +0000

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Sat Jan 30 23:54:20 UTC 2016

Modified Files:
        pkgsrc/devel/rt4: INSTALL MESSAGE Makefile PLIST distinfo

Log Message:
Update to 4.2.12

Changelog:
This release is a security release which addresses the following
vulnerabilities:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages.  This vulnerability is assigned
CVE-2015-5475.  It was discovered and reported by Marcin KopeÄ‡ at Data Reliance
Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface.  This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/rt4/INSTALL
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/rt4/MESSAGE
cvs rdiff -u -r1.21 -r1.22 pkgsrc/devel/rt4/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/rt4/PLIST
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/rt4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index