Date: Fri, 24 Feb 2006 01:37:21 +0100 (CET) From: Thomas Vogt <thomas@bsdunix.ch> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/93774: mail/squirrelmail update to 1.4.6 (security update) Message-ID: <200602240037.k1O0bLlZ041784@bert.mlan.solnet.ch> Resent-Message-ID: <200602240040.k1O0e75T048572@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 93774 >Category: ports >Synopsis: mail/squirrelmail update to 1.4.6 (security update) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Feb 24 00:40:07 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Thomas Vogt >Release: FreeBSD 6.1-PRERELEASE i386 >Organization: >Environment: System: FreeBSD bert.mlan.solnet.ch 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #2: Fri Feb 10 00:01:30 CET 2006 root@bert.mlan.solnet.ch:/usr/obj/usr/src/sys/UP6 i386 >Description: - This update fixes: IMAP injection in sqimap_mailbox_select mailbox parameter (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377) - Possible XSS in MagicHTML (IE only) (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195) - Possible XSS through right_frame parameter in webmail.php (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188) Please remove local port patches in squirrelmail/files: patch-class-deliver-Deliver.class.php patch-class-mime-Message.class.php patch-functions-imap_general.php patch-squirrelmail-stable.diff All this patches are included in Squirrelmail 1.4.6 >How-To-Repeat: >Fix: diff -u squirrelmail.orig/Makefile squirrelmail/Makefile --- squirrelmail.orig/Makefile Thu Feb 9 18:18:50 2006 +++ squirrelmail/Makefile Fri Feb 24 01:07:28 2006 @@ -6,13 +6,12 @@ # PORTNAME= squirrelmail -PORTVERSION?= 1.4.5 -PORTREVISION?= 3 +PORTVERSION?= 1.4.6 CATEGORIES?= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= squirrelmail DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ - all_locales-${PORTVERSION}-20050904${EXTRACT_SUFX} + all_locales-${PORTVERSION}-20060221${EXTRACT_SUFX} DIST_SUBDIR= squirrelmail MAINTAINER?= simond@irrelevant.org diff -u squirrelmail.orig/distinfo squirrelmail/distinfo --- squirrelmail.orig/distinfo Tue Nov 29 23:25:27 2005 +++ squirrelmail/distinfo Fri Feb 24 01:07:30 2006 @@ -1,6 +1,6 @@ -MD5 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = bcfe0c1d4049e9c26e0040b2fa3adb07 -SHA256 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 9e0d5ef38b490265e287fa600bcb326c87309189fdb4b973cf5515d3a397d126 -SIZE (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 480226 -MD5 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = f75557ad06787c15f92dff9fcfe30632 -SHA256 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 32919291f42c73795243963f137a75d88eb1aff79eed0fc5608f45f17c6d20ad -SIZE (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 2169815 +MD5 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 300ddcf66b7907a61b6e9404840e35de +SHA256 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 8694412708eeb1f4029a4850e69f4a6891b0959e6315572013f4db9d3addc9d3 +SIZE (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 484099 +MD5 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 29dfec2e0f71fba368a89c36c51881c2 +SHA256 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = e29b017deb84e7a3656ed846b2387911e4c7275e88fd3d6761528dbaa7510ac4 +SIZE (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 2448102 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602240037.k1O0bLlZ041784>