---
- branch: MAIN
  date: Mon Apr 23 14:19:00 UTC 2018
  files:
  - new: '1.18'
    old: '1.17'
    path: pkgsrc/www/contao44/Makefile
    pathrev: pkgsrc/www/contao44/Makefile@1.18
    type: modified
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/www/contao44/PLIST
    pathrev: pkgsrc/www/contao44/PLIST@1.15
    type: modified
  - new: '1.16'
    old: '1.15'
    path: pkgsrc/www/contao44/distinfo
    pathrev: pkgsrc/www/contao44/distinfo@1.16
    type: modified
  id: 20180423T141900Z.f9466155c66830e4434bbf0c32d3eb55da05cda9
  log: |
    www/contao44: update to 4.4.18

    Contao 4.4.17 (2018-04-04)

    Contao version 4.4.17 is available.  The bugfix release fixes a few minor
    issues including a problem with rendering custom layout sections.

    Contao 4.4.18 (2018-04-18)

    Contao version 4.4.18 is available.  The bugfix release fixes an XSS
    vulnerability in the system log of the back end (CVE-2018-10125).

    CVE-2018-10125

    With a manipulated request, an attacker can implant a script which is executed
    when a logged in back end user opens the system log.  The attacker themselves
    does not have to be logged in.

    The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
    4.5.7. We highly recommend you to update.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/contao44'
  unixtime: '1524493140'
  user: taca