Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id EFB807ABFC for ; Sat, 30 Jan 2016 23:54:21 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 6C05D85F1D; Sat, 30 Jan 2016 23:54:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id ED69485F02 for ; Sat, 30 Jan 2016 23:54:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id MIh_FYHfpGl0 for ; Sat, 30 Jan 2016 23:54:20 +0000 (UTC) Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 8D22085ECA for ; Sat, 30 Jan 2016 23:54:20 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 83980FBB7; Sat, 30 Jan 2016 23:54:20 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Sat, 30 Jan 2016 23:54:20 +0000 From: "Ryo ONODERA" Subject: CVS commit: pkgsrc/devel/rt4 To: pkgsrc-changes@NetBSD.org Reply-To: ryoon@netbsd.org X-Mailer: log_accum Message-Id: <20160130235420.83980FBB7@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: ryoon Date: Sat Jan 30 23:54:20 UTC 2016 Modified Files: pkgsrc/devel/rt4: INSTALL MESSAGE Makefile PLIST distinfo Log Message: Update to 4.2.12 Changelog: This release is a security release which addresses the following vulnerabilities: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/rt4/INSTALL cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/rt4/MESSAGE cvs rdiff -u -r1.21 -r1.22 pkgsrc/devel/rt4/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/rt4/PLIST cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/rt4/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.