SECURITY update to phplist 2.10.18

"Desc: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in context of an affected site." Security issues require admin login.
2012-06-16 11:37:20 +00:00 · 2012-06-16 11:37:20 +00:00 · 4d751be561
commit 4d751be561
parent be5549b41f
2 changed files with 7 additions and 8 deletions
--- a/www/phplist/Makefile
+++ b/www/phplist/Makefile
@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.16 2011/12/15 10:14:05 sthen Exp $
+# $OpenBSD: Makefile,v 1.17 2012/06/16 11:37:20 sthen Exp $

 COMMENT=		web-based double opt-in newsletter manager

-DISTNAME=		phplist-2.10.17
-REVISION=		2
+DISTNAME=		phplist-2.10.18

 CATEGORIES=		www

--- a/www/phplist/distinfo
+++ b/www/phplist/distinfo
@ -1,5 +1,5 @@
-MD5 (phplist-2.10.17.tgz) = b4kXbMJKZzj392T6o4sSdQ==
-RMD160 (phplist-2.10.17.tgz) = k7rsOPDIMUQXGPkxKnp9gNx9K3w=
-SHA1 (phplist-2.10.17.tgz) = tr4kJLxCsF0jVplqeR+M8RA/EQ4=
-SHA256 (phplist-2.10.17.tgz) = hBOXZsnCFpyaIK6Gnwv+nXwyc5EmqwN+4vFT5XH8+jE=
-SIZE (phplist-2.10.17.tgz) = 2297323
+MD5 (phplist-2.10.18.tgz) = YuWJ20F+sDkfngd14jsDKw==
+RMD160 (phplist-2.10.18.tgz) = AaIfJ1oFYmceWFFBqyynzgFC3LE=
+SHA1 (phplist-2.10.18.tgz) = 5qCvEYa9ED/1OINMifmRm/jNxkM=
+SHA256 (phplist-2.10.18.tgz) = ChokbU9Uo0hAtgfcmo9X1w8HVr05rnvnXI10GTIBhZk=
+SIZE (phplist-2.10.18.tgz) = 2297328