Fix a security vulnerabiliy which allows an attacker in the same

domain as the list admin to gain administrator privileges and alter
list settings.

VuXML:		http://vuxml.FreeBSD.org/be543d74-539a-11d9-a9e7-0001020eed82.html
Obtained from:	Debian
Approved by:	portmgr (krion), maintainer timeout

2 files changed, 13 insertions, 1 deletions

diff --git a/mail/ecartis/Makefile b/mail/ecartis/Makefile
index 8c4703b1c9f0..2a86351f4859 100644
--- a/mail/ecartis/Makefile
+++ b/mail/ecartis/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	ecartis
 PORTVERSION=	1.0.0.s20031228
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	1
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.ecartis.org/pub/ecartis/snapshots/tar/
diff --git a/mail/ecartis/files/patch-CAN-2004-0913 b/mail/ecartis/files/patch-CAN-2004-0913
new file mode 100644
index 000000000000..11ed9053f7fe
--- /dev/null
+++ b/mail/ecartis/files/patch-CAN-2004-0913
@@ -0,0 +1,12 @@
+--- modules/lsg2/lsg2-main.c.orig
++++ modules/lsg2/lsg2-main.c
+@@ -180,6 +180,9 @@
+    struct listserver_cgi_mode *curmode;
+    char *tbuf;
+
++   /* turn off loose host matching */
++   LMAPI->set_var("no-loose-domain-match", "yes", VAR_GLOBAL);
++
+    /* Generic header */
+
+    if (LMAPI->get_bool("lsg2-iis-support"))