From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Feb 24 00:40:08 2006
Message-Id: <200602240037.k1O0bLlZ041784@bert.mlan.solnet.ch>
Date: Fri, 24 Feb 2006 01:37:21 +0100 (CET)
From: Thomas Vogt
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/93774: mail/squirrelmail update to 1.4.6 (security update)

>Number: 93774
>Category: ports
>Synopsis: mail/squirrelmail update to 1.4.6 (security update)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 24 00:40:07 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Thomas Vogt
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD bert.mlan.solnet.ch 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #2: Fri Feb 10 00:01:30 CET 2006 root@bert.mlan.solnet.ch:/usr/obj/usr/src/sys/UP6 i386
>Description:
This update fixes:
- IMAP injection in sqimap_mailbox_select mailbox parameter (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377)
- Possible XSS in MagicHTML (IE only) (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195)
- Possible XSS through right_frame parameter in webmail.php (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188)

Please remove local port patches in squirrelmail/files:
patch-class-deliver-Deliver.class.php
patch-class-mime-Message.class.php
patch-functions-imap_general.php
patch-squirrelmail-stable.diff

All these patches are included in Squirrelmail 1.4.6
>How-To-Repeat:
>Fix:
diff -u squirrelmail.orig/Makefile squirrelmail/Makefile --- squirrelmail.orig/Makefile Thu Feb 9 18:18:50 2006 +++ squirrelmail/Makefile Fri Feb 24 01:07:28 2006 
@@ -6,13 +6,12 @@ # PORTNAME= squirrelmail -PORTVERSION?= 1.4.5 -PORTREVISION?= 3 +PORTVERSION?= 1.4.6 CATEGORIES?= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= squirrelmail DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ - all_locales-${PORTVERSION}-20050904${EXTRACT_SUFX} + all_locales-${PORTVERSION}-20060221${EXTRACT_SUFX} DIST_SUBDIR= squirrelmail MAINTAINER?= simond@irrelevant.org diff -u squirrelmail.orig/distinfo squirrelmail/distinfo --- squirrelmail.orig/distinfo Tue Nov 29 23:25:27 2005 +++ squirrelmail/distinfo Fri Feb 24 01:07:30 2006 @@ -1,6 +1,6 @@ -MD5 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = bcfe0c1d4049e9c26e0040b2fa3adb07 -SHA256 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 9e0d5ef38b490265e287fa600bcb326c87309189fdb4b973cf5515d3a397d126 -SIZE (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 480226 -MD5 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = f75557ad06787c15f92dff9fcfe30632 -SHA256 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 32919291f42c73795243963f137a75d88eb1aff79eed0fc5608f45f17c6d20ad -SIZE (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 2169815 +MD5 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 300ddcf66b7907a61b6e9404840e35de +SHA256 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 8694412708eeb1f4029a4850e69f4a6891b0959e6315572013f4db9d3addc9d3 +SIZE (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 484099 +MD5 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 29dfec2e0f71fba368a89c36c51881c2 +SHA256 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = e29b017deb84e7a3656ed846b2387911e4c7275e88fd3d6761528dbaa7510ac4 +SIZE (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 2448102 >Release-Note: >Audit-Trail: >Unformatted:
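Review bot: the PORTVERSION bump to 1.4.6 in the Makefile hunk does not come with the removal of the four files under squirrelmail/files that the description says are already part of 1.4.6 (patch-class-deliver-Deliver.class.php, patch-class-mime-Message.class.php, patch-functions-imap_general.php, patch-squirrelmail-stable.diff). This diff only touches Makefile and distinfo, so those deletions have to be made by hand at commit time; if they are missed, the ports framework will still try to apply the old local patches to the 1.4.6 sources. Dropping PORTREVISION together with the version bump is correct. As a style point, the locale snapshot date 20060221 is hard-coded in the all_locales DISTFILES entry next to ${PORTVERSION}; a separate variable for that date would make the next update a one-line change.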
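Review bot: the six added lines in the distinfo hunk carry MD5, SHA256 and SIZE values that come only from the submitter's own download, and nothing in the PR lets a reader check them. Because this is a security update, the committer should fetch squirrelmail-1.4.6.tar.bz2 and all_locales-1.4.6-20060221.tar.bz2 independently, regenerate distinfo with make makesum, and confirm that the result matches the values in this hunk before committing. Of the two digests recorded per file, the SHA256 line is the one to rely on for integrity; the MD5 line should not be treated as sufficient on its own.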