From d853d81eddaac49039ba476a8d7f1cf8a84c7a86 Mon Sep 17 00:00:00 2001 From: Eitan Adler Date: Mon, 5 Sep 2011 15:55:38 +0000 Subject: [PATCH] - Update to 1.2.7 PR: ports/160368 Submitted by: gjb Approved by: dvl (maintainer), bapt (mentor) Security: CVE-2011-2938 --- databases/mantis/Makefile | 2 +- databases/mantis/distinfo | 4 ++-- databases/mantis/pkg-plist | 19 +++++++++++++++++++ security/vuxml/vuln.xml | 24 ++++++++++++++++++++++++ 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/databases/mantis/Makefile b/databases/mantis/Makefile index 909d123dfcd5..c48eb6a4382e 100644 --- a/databases/mantis/Makefile +++ b/databases/mantis/Makefile @@ -6,7 +6,7 @@ # PORTNAME= mantis -PORTVERSION= 1.2.5 +PORTVERSION= 1.2.7 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION} DISTNAME= mantisbt-${PORTVERSION} diff --git a/databases/mantis/distinfo b/databases/mantis/distinfo index b80dcd4ddc32..fee9580cca71 100644 --- a/databases/mantis/distinfo +++ b/databases/mantis/distinfo @@ -1,2 +1,2 @@ -SHA256 (mantisbt-1.2.5.tar.gz) = 61ee5f65ec3bde92ee918934a5f463a5af6a603ff2684cf7125a6925bb802efe -SIZE (mantisbt-1.2.5.tar.gz) = 3331571 +SHA256 (mantisbt-1.2.7.tar.gz) = ea6cf74c079144fbb9b3b1fdcdcc082177cd42efdada1ee64faa15911b209304 +SIZE (mantisbt-1.2.7.tar.gz) = 3366560 diff --git a/databases/mantis/pkg-plist b/databases/mantis/pkg-plist index 1d6b88400df3..43787007f96e 100644 --- a/databases/mantis/pkg-plist +++ b/databases/mantis/pkg-plist @@ -46,6 +46,7 @@ %%WWWDIR%%/api/soap/mc_issue_attachment_api.php %%WWWDIR%%/api/soap/mc_project_api.php %%WWWDIR%%/api/soap/mc_project_attachment_api.php +%%WWWDIR%%/api/soap/mc_user_pref_api.php %%WWWDIR%%/billing_inc.php %%WWWDIR%%/billing_page.php %%WWWDIR%%/browser_search_plugin.php @@ -894,6 +895,7 @@ %%WWWDIR%%/news_update.php %%WWWDIR%%/news_view_page.php %%WWWDIR%%/permalink_page.php +%%WWWDIR%%/phing/tasks/mantisbt/ExtractMantisBTVersion.php %%WWWDIR%%/plugin.php %%WWWDIR%%/plugin_file.php %%WWWDIR%%/plugins/MantisCoreFormatting/MantisCoreFormatting.php @@ -903,7 +905,9 @@ %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_breton.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_bulgarian.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_catalan.txt +%%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_czech.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_chinese_simplified.txt +%%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_chinese_traditional.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_dutch.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_english.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_finnish.txt @@ -915,6 +919,7 @@ %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_interlingua.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_italian.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_japanese.txt +%%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_lithuanian.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_macedonian.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_norwegian_bokmal.txt %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_occitan.txt @@ -937,10 +942,12 @@ %%WWWDIR%%/plugins/MantisGraph/core/graph_api.php %%WWWDIR%%/plugins/MantisGraph/lang/strings_arabic.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_arabicegyptianspoken.txt +%%WWWDIR%%/plugins/MantisGraph/lang/strings_belarusian_tarask.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_breton.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_bulgarian.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_catalan.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_chinese_simplified.txt +%%WWWDIR%%/plugins/MantisGraph/lang/strings_chinese_traditional.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_czech.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_dutch.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_english.txt @@ -969,6 +976,7 @@ %%WWWDIR%%/plugins/MantisGraph/lang/strings_swedish.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_swissgerman.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_tagalog.txt +%%WWWDIR%%/plugins/MantisGraph/lang/strings_turkish.txt %%WWWDIR%%/plugins/MantisGraph/lang/strings_vietnamese.txt %%WWWDIR%%/plugins/MantisGraph/pages/bug_graph_bycategory.php %%WWWDIR%%/plugins/MantisGraph/pages/bug_graph_bystatus.php @@ -1005,9 +1013,12 @@ %%WWWDIR%%/plugins/XmlImportExport/XmlImportExport.php %%WWWDIR%%/plugins/XmlImportExport/lang/strings_afrikaans.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_arabic.txt +%%WWWDIR%%/plugins/XmlImportExport/lang/strings_belarusian_tarask.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_breton.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_catalan.txt +%%WWWDIR%%/plugins/XmlImportExport/lang/strings_czech.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_chinese_simplified.txt +%%WWWDIR%%/plugins/XmlImportExport/lang/strings_chinese_traditional.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_dutch.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_english.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_finnish.txt @@ -1019,6 +1030,7 @@ %%WWWDIR%%/plugins/XmlImportExport/lang/strings_interlingua.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_italian.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_japanese.txt +%%WWWDIR%%/plugins/XmlImportExport/lang/strings_lithuanian.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_macedonian.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_norwegian_bokmal.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_occitan.txt @@ -1028,6 +1040,7 @@ %%WWWDIR%%/plugins/XmlImportExport/lang/strings_russian.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_slovak.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_spanish.txt +%%WWWDIR%%/plugins/XmlImportExport/lang/strings_swedish.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_swissgerman.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_tagalog.txt %%WWWDIR%%/plugins/XmlImportExport/lang/strings_turkish.txt @@ -1092,7 +1105,10 @@ %%WWWDIR%%/tests/soap/IssueUpdateTest.php %%WWWDIR%%/tests/soap/LoginTest.php %%WWWDIR%%/tests/soap/ProjectTest.php +%%WWWDIR%%/tests/soap/RelationshipTest.php %%WWWDIR%%/tests/soap/SoapBase.php +%%WWWDIR%%/tests/soap/UserTest.php +%%WWWDIR%%/tests/soap/VersionTest.php %%WWWDIR%%/tests/test.php %%WWWDIR%%/tests/test_config_get_set.php %%WWWDIR%%/verify.php @@ -1120,6 +1136,9 @@ @dirrm %%WWWDIR%%/plugins/MantisCoreFormatting/lang @dirrm %%WWWDIR%%/plugins/MantisCoreFormatting @dirrm %%WWWDIR%%/plugins +@dirrm %%WWWDIR%%/phing/tasks/mantisbt +@dirrm %%WWWDIR%%/phing/tasks +@dirrm %%WWWDIR%%/phing @dirrm %%WWWDIR%%/library/utf8/utils @dirrm %%WWWDIR%%/library/utf8/native @dirrm %%WWWDIR%%/library/utf8/mbstring diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 9f1faedfc2a7..46711d790a53 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,30 @@ Note: Please add new entries to the beginning of this file. --> + + XSS issue in MantisBT + + + mantis + 1.2.01.2.7 + + + + +
+ Net.Edit0r from BlACK Hat Group reported an XSS issue in search.php. All MantisBT users (including anonymous users that are not logged in to public bug trackers) could be impacted by this vulnerability. +
+ + + + ports/160368 + CVE-2011-2938 + + + 2011-08-18 + 2011-09-05 + + security/cfs -- buffer overflow