--- rpms/e-smith-manager/sme9/e-smith-manager.spec	2016/07/19 13:14:59	1.22
+++ rpms/e-smith-manager/sme9/e-smith-manager.spec	2017/01/17 00:01:32	1.24
@@ -1,10 +1,10 @@
-# $Id: e-smith-manager.spec,v 1.21 2016/07/19 13:12:36 unnilennium Exp $
+# $Id: e-smith-manager.spec,v 1.23 2016/07/19 13:47:57 unnilennium Exp $
 
 Summary: e-smith manager navigation module
 %define name e-smith-manager
 Name: %{name}
 %define version 2.6.0
-%define release 11
+%define release 13
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -15,6 +15,7 @@ Patch1: e-smith-manager-2.4.0-dont_rewri
 Patch2: e-smith-manager-2.4.0-newTKTsyntax.patch
 Patch3: e-smith-manager-2.6.0-no_index_for_manager_common.patch
 Patch4: e-smith-manager-2.6.0-Koozali_manager.patch
+Patch5: e-smith-manager-2.6.0-bz9920.badredirection.patch
 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
 BuildRequires: e-smith-devtools
 BuildRequires: gettext
@@ -28,7 +29,10 @@ Provides: server-manager
 AutoReqProv: no
 
 %changelog
-* Tue Jul 19 2016 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-11.sme
+* Mon Jan 16 2017 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-13.sme
+- fix bad redirection parameter that might reveal session information to remote site [SME: 9920]
+
+* Tue Jul 19 2016 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-12.sme
 - Update server-manager to Koozali branding [SME: 9678]
 - We thanks John Crisp for his wonderful work.
 - e-smith-manager-2.6.0-Koozali_manager.patch
@@ -699,6 +703,8 @@ This RPM contributes the navigation bars
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+
 
 %build
 perl createlinks