author Matthew Seaman <matthew@FreeBSD.org> 2012-07-26 17:46:51 +0000
committer Matthew Seaman <matthew@FreeBSD.org> 2012-07-26 17:46:51 +0000
commit 30b62a8f70d418325576235b9ee2a70838ab16f3
tree 1d223087e836cd293000cebe15cac0b6ed8ca762
parent - update MASTER_SITES
Security update to 0.11
ChangeLog:

0.11 2012-07-03 Alex Vandiver
 * Obfuscate passwords in RT's System Configuration page
 * Set an empty CurrentUser on failure, instead of removing it entirely

0.10_01 2012-02-23 Thomas Sibley
 * Escape usernames in filter values so special characters don't die

0.10 2012-02-17 Thomas Sibley
 * Silence confusing log messages when $ExternalInfoPriority is empty

0.09_03 2012-01-27 Thomas Sibley
 * Fetch the necessary attributes when group_attr_value is used
 * Test escaping of commas during the group check

0.09_02 2012-01-26 Thomas Sibley
 * Improved logging inside the LDAP group membership check

0.09_01 2012-01-23 Thomas Sibley
 * Improved logic when dealing with Disabled/disabling users
 * Configurable group membership attribute values
 * Group membership tests

Security Advisory: http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html

Approved by: shaun (mentor)
Security: cdc4ff0e-d736-11e1-8221-e0cb4e266481

Notes: svn path=/head/; revision=301571
-rw-r--r-- security/vuxml/vuln.xml 33
-rw-r--r-- www/p5-RT-Authen-ExternalAuth/Makefile 3
-rw-r--r-- www/p5-RT-Authen-ExternalAuth/distinfo 4
3 files changed, 36 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 72df9982b775..f8a77115f6cf 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="cdc4ff0e-d736-11e1-8221-e0cb4e266481">
+ <topic>p5-RT-Authen-ExternalAuth -- privilege escalation</topic>
+ <affects>
+ <package>
+ <name>p5-RT-Authen-ExternalAuth</name>
+ <range><lt>0.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The RT development team reports:</p>
+ <blockquote cite="http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html">
+ <p>RT::Authen::ExternalAuth 0.10 and below (for all versions
+ of RT) are vulnerable to an escalation of privilege attack
+ where the URL of a RSS feed of the user can be used to
+ acquire a fully logged-in session as that user.
+ CVE-2012-2770 has been assigned to this vulnerability.</p>
+ <p>Users of RT 3.8.2 and above should upgrade to
+ RT::Authen::ExternalAuth 0.11, which resolves this
+ vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html</url>
+ <cvename>CVE-2012-2770</cvename>
+ </references>
+ <dates>
+ <discovery>2012-07-25</discovery>
+ <entry>2012-07-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c7fa3618-d5ff-11e1-90a2-000c299b62e1">
<topic>isc-dhcp -- multiple vulnerabilities</topic>
<affects>
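Review bot: The new entry lists only p5-RT-Authen-ExternalAuth under <affects>, but the advisory URL used in the blockquote cite and in <references> covers three RT extensions; if the other two exist in the ports tree they need their own <vuln> entries so that installed copies are flagged as well. The <topic> says "privilege escalation" while the quoted text describes acquiring a fully logged-in session as another user from an RSS feed URL, so a topic worded closer to that would make audit output easier to triage.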
diff --git a/www/p5-RT-Authen-ExternalAuth/Makefile b/www/p5-RT-Authen-ExternalAuth/Makefile
index fe526e890f19..fc6a63e484e8 100644
--- a/www/p5-RT-Authen-ExternalAuth/Makefile
+++ b/www/p5-RT-Authen-ExternalAuth/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= RT-Authen-ExternalAuth
-DISTVERSION= 0.09
-PORTREVISION= 2
+DISTVERSION= 0.11
CATEGORIES= www net perl5
MASTER_SITES= CPAN
MASTER_SITE_SUBDIR= CPAN:FALCONE
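Review bot: MASTER_SITE_SUBDIR stays at CPAN:FALCONE in the context lines while DISTVERSION moves to 0.11, and the ChangeLog in the commit message credits the 0.11 release to Alex Vandiver; confirm the 0.11 tarball is published under that CPAN author directory, otherwise the fetch fails and users cannot pick up the security fix. Dropping PORTREVISION together with the version bump is correct.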
diff --git a/www/p5-RT-Authen-ExternalAuth/distinfo b/www/p5-RT-Authen-ExternalAuth/distinfo
index 9d520c835f4f..a4589836e55a 100644
--- a/www/p5-RT-Authen-ExternalAuth/distinfo
+++ b/www/p5-RT-Authen-ExternalAuth/distinfo
@@ -1,2 +1,2 @@
-SHA256 (RT-Authen-ExternalAuth-0.09.tar.gz) = 4b2fd506f55c69b126c191c330f4bdd89ccec364077e1fd035610d19f38319bc
-SIZE (RT-Authen-ExternalAuth-0.09.tar.gz) = 56056
+SHA256 (RT-Authen-ExternalAuth-0.11.tar.gz) = 42859c5d5bdf7b95f9f408ab70f8589a1c2c3c2cdd53d9d405658f4d08fd549e
+SIZE (RT-Authen-ExternalAuth-0.11.tar.gz) = 62805