From 4d751be561aa8050c4734e87bee7cff6810cb9da Mon Sep 17 00:00:00 2001 From: sthen Date: Sat, 16 Jun 2012 11:37:20 +0000 Subject: [PATCH] SECURITY update to phplist 2.10.18 "Desc: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in context of an affected site." Security issues require admin login. --- www/phplist/Makefile | 5 ++--- www/phplist/distinfo | 10 +++++----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/www/phplist/Makefile b/www/phplist/Makefile index a633430bdce..b003795d296 100644 --- a/www/phplist/Makefile +++ b/www/phplist/Makefile @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.16 2011/12/15 10:14:05 sthen Exp $ +# $OpenBSD: Makefile,v 1.17 2012/06/16 11:37:20 sthen Exp $ COMMENT= web-based double opt-in newsletter manager -DISTNAME= phplist-2.10.17 -REVISION= 2 +DISTNAME= phplist-2.10.18 CATEGORIES= www diff --git a/www/phplist/distinfo b/www/phplist/distinfo index 6c809d5a57b..fc78307589f 100644 --- a/www/phplist/distinfo +++ b/www/phplist/distinfo @@ -1,5 +1,5 @@ -MD5 (phplist-2.10.17.tgz) = b4kXbMJKZzj392T6o4sSdQ== -RMD160 (phplist-2.10.17.tgz) = k7rsOPDIMUQXGPkxKnp9gNx9K3w= -SHA1 (phplist-2.10.17.tgz) = tr4kJLxCsF0jVplqeR+M8RA/EQ4= -SHA256 (phplist-2.10.17.tgz) = hBOXZsnCFpyaIK6Gnwv+nXwyc5EmqwN+4vFT5XH8+jE= -SIZE (phplist-2.10.17.tgz) = 2297323 +MD5 (phplist-2.10.18.tgz) = YuWJ20F+sDkfngd14jsDKw== +RMD160 (phplist-2.10.18.tgz) = AaIfJ1oFYmceWFFBqyynzgFC3LE= +SHA1 (phplist-2.10.18.tgz) = 5qCvEYa9ED/1OINMifmRm/jNxkM= +SHA256 (phplist-2.10.18.tgz) = ChokbU9Uo0hAtgfcmo9X1w8HVr05rnvnXI10GTIBhZk= +SIZE (phplist-2.10.18.tgz) = 2297328
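Review bot: The commit message quotes an advisory but gives no identifier or URL for it, and the www/phplist/Makefile hunk carries no other pointer, so a later reader cannot check from this change alone that 2.10.18 is the release that fixes the 'sortby' SQL injection and the 'num' XSS. Suggest naming the advisory source in the message. Dropping `REVISION= 2` in the same hunk as the `DISTNAME= phplist-2.10.18` bump is the expected reset, and the note that the issues require admin login is useful triage context worth keeping.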
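Review bot: In the www/phplist/distinfo hunk the new tarball is still recorded with MD5, RMD160 and SHA1 lines next to SHA256. Of these, MD5 and SHA1 give no meaningful collision resistance, so the integrity check should be treated as resting on the `SHA256 (phplist-2.10.18.tgz)` and `SIZE` lines, and the weaker digests dropped if the ports infrastructure permits. SIZE moves only from 2297323 to 2297328, so it is worth diffing the 2.10.17 and 2.10.18 tarballs to confirm that the upstream change really is the 'sortby' and 'num' sanitisation and nothing else before relying on this update as the fix.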