---
- branch: MAIN
  date: Wed Jun 13 12:57:47 UTC 2018
  files:
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/www/passenger/Makefile
    pathrev: pkgsrc/www/passenger/Makefile@1.3
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/www/passenger/PLIST
    pathrev: pkgsrc/www/passenger/PLIST@1.3
    type: modified
  - new: '1.7'
    old: '1.6'
    path: pkgsrc/www/passenger/Makefile.common
    pathrev: pkgsrc/www/passenger/Makefile.common@1.7
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/www/passenger/distinfo
    pathrev: pkgsrc/www/passenger/distinfo@1.8
    type: modified
  id: 20180613T125747Z.323c41fd09efe3c9d6a35b49fa551090689c6f5f
  log: |
    www/passenger: Update to 5.3.2.

    - [Nginx] Fixes CVE-2018-12029, a local privilege escalation
      vulnerability in the Nginx module that occurs when
      `passenger_instance_registry_dir` is configured to a directory
      with insufficiently strict permissions.
    - Fixes CVE-2018-12026, 12027, and 12028. These are local denial of
      service, local information disclosure and local privilege escalation
      vulnerabilities that could be exploited by malicious applications or
      malicious users on the system.
    - Fixes Meteor support in non-bundled mode (regression from 5.3.0).
    - Fixes the fact that the error page (which is shown when an app fails
      to spawn) sometimes contains unsufficient analysis details about the
      app.
    - [Apache] Fixes PassengerMaxInstancesPerApp not being respected
      (regression from config refactor in 5.2.0).
    - [Enterprise, Apache] Fixes PassengerMaxInstances not being respected
      (regression from config refactor in 5.2.0).
    - [Enterprise] Fixes passenger-irb being unable to connect to an app
      process (regression from 5.3.0).
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/passenger'
  unixtime: '1528894667'
  user: fhajny