Diffusion FreeBSD ports repository ad5f302a4937

www/kanboard: update to 1.2.30
ad5f302a4937
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

www/kanboard: update to 1.2.30

ChangeLog: https://github.com/kanboard/kanboard/releases/tag/v1.2.30

CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
CVE-2023-33969: Stored XSS in the Task External Link Functionality
CVE-2023-33970: Missing access control in internal task links feature
Avoid PHP warning caused by session_regenerate_id()
Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions

Reported by: portscout
MFH: 2023Q2 (security release)
Security: CVE-2023-33956 CVE-2023-33968 CVE-2023-33969 CVE-2023-33970

Details

Provenance

Authored on Jun 5 2023, 6:31 AM

Parents

R11:d42616550eff: deskutils/calcurse: Update to 4.8.1

Branches

Unknown

Tags

Unknown

Event Timeline

fernape committed R11:ad5f302a4937: www/kanboard: update to 1.2.30 (authored by fernape).Jun 6 2023, 12:02 PM

fernape mentioned this in R11:fa79df5d45ca: www/kanboard: update to 1.2.30.Jun 6 2023, 12:09 PM

Changes (2)

Path

Size

www/

kanboard/

R11:ad5f302a4937

www/kanboard/Makefile

Loading...

www/kanboard/distinfo

Loading...