Date: Mon, 22 Apr 2002 09:05:02 -0700 (PDT) From: Martin Perry <martin@raq.cx> To: freebsd-gnats-submit@freebsd.org Subject: ports/37345: Port Update Request: mail/imp: 2.2.7 -> 2.2.8 or 3.1 Message-ID: <200204221605.g3MG52g65859@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 37345
>Category: ports
>Synopsis: Port Update Request: mail/imp: 2.2.7 -> 2.2.8 or 3.1
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 22 09:30:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Martin Perry
>Release: 4.5-RELEASE-p4
>Organization:
>Environment:
FreeBSD dream.raq.cx 4.5-RELEASE-p4 FreeBSD 4.5-RELEASE-p4 #3: Mon Apr 22 14:39:08 BST 2002 martin@dream.raq.cx:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Would it be possible to update the IMP port to the latest version, apparantely there is a security problem with 2.2.7 the current version in the ports tree. Here's a quote from the authors web site:
2002-04-06
IMP 2.2.8 and Horde 1.2.8 (SECURITY) have been released.
Download from ftp://ftp.horde.org/pub/horde/ and ftp://ftp.horde.org/pub/imp/
This version prevents some potential cross-site scripting (CSS) attacks. If an upgrade to IMP 3 is not possible, administrators of IMP 2.2.x production systems are encouraged to upgrade to prevent this attack against your systems.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204221605.g3MG52g65859>