Pullup ticket #5686 - requested by taca
www/contao35: security update

Revisions pulled up:
- www/contao35/Makefile                                        1.36
- www/contao35/PLIST                                            1.18
- www/contao35/distinfo                                        1.28

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 18 16:13:31 UTC 2018

  Modified Files:
  pkgsrc/www/contao35: Makefile PLIST distinfo

  Log Message:
  www/contao35: update to 3.5.32

  Contao 3.5.32 is available 2018/01/18 09:48 by Leo Feyer

  Contao version 3.5.32 is available. The bugfix release fixes an XSS
  vulnerability in the newsletter extension (CVE-2018-5478).

  CVE-2018-5478

  The vulnerability is in the "unsubscribe" module of the newsletter extension
  and can easily be exploited by anyone in the front end. We therefore strongly
  recommend you to update.

  The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle
  4.0.0 to 4.0.3.

  If you are not using the newsletter extension or the "unsubscribe" module,
  your installation is not affected by the vulnerability.

  To generate a diff of this commit:
  cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/contao35/Makefile
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/contao35/PLIST
  cvs rdiff -u -r1.27 -r1.28 pkgsrc/www/contao35/distinfo

(spz)