[pkgsrc/trunk]: pkgsrc/mail/roundcube Update to version 2.0beta2.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/mail/roundcube Update to version 2.0beta2.
From: ahoka <ahoka%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 07:05:04 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b95d2d68eab9
branches:  trunk
changeset: 552038:b95d2d68eab9
user:      ahoka <ahoka%pkgsrc.org@localhost>
date:      Tue Dec 23 23:26:38 2008 +0000

description:
Update to version 2.0beta2.

This update fixes a serious security flaw, which can lead to arbitrary
command execution on the server running roundcube.

I could not find a formal changelog, but here's what the website writes:
 There were two security issues reported which are now fixed. The first was as
 possible code injection using the html2text conversion script. The other
 exploit used the unchecked size parameters of the quota image to let PHP
 create huge images eating up all the server memory.

diffstat:

 mail/roundcube/Makefile |  4 ++--
 mail/roundcube/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (34 lines):

diff -r 177e1d7b4568 -r b95d2d68eab9 mail/roundcube/Makefile
--- a/mail/roundcube/Makefile   Tue Dec 23 22:47:01 2008 +0000
+++ b/mail/roundcube/Makefile   Tue Dec 23 23:26:38 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2008/10/02 15:47:15 schmonz Exp $
+# $NetBSD: Makefile,v 1.13 2008/12/23 23:26:38 ahoka Exp $
 #
 
 DISTNAME=      roundcubemail-${RCVERSION}-dep
@@ -13,7 +13,7 @@
 USE_TOOLS+=    pax
 USE_LANGUAGES= # none
 NO_BUILD=      yes
-RCVERSION=     0.2-beta
+RCVERSION=     0.2-beta2
 VERSION=       ${RCVERSION:S/-//}
 
 .include "../../mk/bsd.prefs.mk"
diff -r 177e1d7b4568 -r b95d2d68eab9 mail/roundcube/distinfo
--- a/mail/roundcube/distinfo   Tue Dec 23 22:47:01 2008 +0000
+++ b/mail/roundcube/distinfo   Tue Dec 23 23:26:38 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2008/10/02 15:47:15 schmonz Exp $
+$NetBSD: distinfo,v 1.9 2008/12/23 23:26:38 ahoka Exp $
 
-SHA1 (roundcubemail-0.2-beta-dep.tar.gz) = eb37b1000aadcffa9eecb8e01f311906fd7a9bd1
-RMD160 (roundcubemail-0.2-beta-dep.tar.gz) = 76b75b1decbcb5a9250cc413eafb3818fe10353a
-Size (roundcubemail-0.2-beta-dep.tar.gz) = 1126334 bytes
+SHA1 (roundcubemail-0.2-beta2-dep.tar.gz) = 21ddfc98b561348adc859e7b5701bfa050185582
+RMD160 (roundcubemail-0.2-beta2-dep.tar.gz) = 2bac95dff178ab0bc6ea9e0dde1cbacfc642c1b3
+Size (roundcubemail-0.2-beta2-dep.tar.gz) = 1127097 bytes
 SHA1 (patch-aa) = 9e3821f745cfbec7fd2fb2783ff57e570cfd4457
 SHA1 (patch-ab) = 9e81e117952150f363265bbda11cae9eb7d77c08
 SHA1 (patch-ac) = df56f22ca7f5d932bc1b43d1e4b0a1d2f193a24b

Prev by Date: [pkgsrc/trunk]: pkgsrc/audio/pulseaudio Fix build on NetBSD 4.0.
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated mail/sylpheed to 2.6.0
Previous by Thread: [pkgsrc/trunk]: pkgsrc/audio/pulseaudio Fix build on NetBSD 4.0.
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated mail/sylpheed to 2.6.0
Indexes:

Home | Main Index | Thread Index | Old Index