pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2018Q1]: pkgsrc/mail Pullup ticket #5739 - requested by bsiegert
details: https://anonhg.NetBSD.org/pkgsrc/rev/f535f8f2a48b
branches: pkgsrc-2018Q1
changeset: 408474:f535f8f2a48b
user: spz <spz%pkgsrc.org@localhost>
date: Sun May 06 08:40:13 2018 +0000
description:
Pullup ticket #5739 - requested by bsiegert
mail/roundcube: security update
mail/roundcube-plugin-enigma: security update
mail/roundcube-plugin-password: security update
mail/roundcube-plugin-zipdownload: security update
Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo 1.8
- mail/roundcube-plugin-password/distinfo 1.8
- mail/roundcube-plugin-zipdownload/distinfo 1.8
- mail/roundcube/Makefile.common 1.8
- mail/roundcube/distinfo 1.59
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 23 13:55:00 UTC 2018
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
pkgsrc/mail/roundcube-plugin-enigma: distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
pkgsrc/mail/roundcube-plugin-zipdownload: distinfo
Log Message:
mail/roundcube: update to 1.2.8
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages
with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-enigma/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-password/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo
diffstat:
mail/roundcube-plugin-enigma/distinfo | 10 +++++-----
mail/roundcube-plugin-password/distinfo | 10 +++++-----
mail/roundcube-plugin-zipdownload/distinfo | 10 +++++-----
mail/roundcube/Makefile.common | 4 ++--
mail/roundcube/distinfo | 10 +++++-----
5 files changed, 22 insertions(+), 22 deletions(-)
diffs (81 lines):
diff -r 8091e8a08c2d -r f535f8f2a48b mail/roundcube-plugin-enigma/distinfo
--- a/mail/roundcube-plugin-enigma/distinfo Fri Apr 27 20:00:20 2018 +0000
+++ b/mail/roundcube-plugin-enigma/distinfo Sun May 06 08:40:13 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
diff -r 8091e8a08c2d -r f535f8f2a48b mail/roundcube-plugin-password/distinfo
--- a/mail/roundcube-plugin-password/distinfo Fri Apr 27 20:00:20 2018 +0000
+++ b/mail/roundcube-plugin-password/distinfo Sun May 06 08:40:13 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
diff -r 8091e8a08c2d -r f535f8f2a48b mail/roundcube-plugin-zipdownload/distinfo
--- a/mail/roundcube-plugin-zipdownload/distinfo Fri Apr 27 20:00:20 2018 +0000
+++ b/mail/roundcube-plugin-zipdownload/distinfo Sun May 06 08:40:13 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
diff -r 8091e8a08c2d -r f535f8f2a48b mail/roundcube/Makefile.common
--- a/mail/roundcube/Makefile.common Fri Apr 27 20:00:20 2018 +0000
+++ b/mail/roundcube/Makefile.common Sun May 06 08:40:13 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.7 2017/11/09 01:13:11 taca Exp $
+# $NetBSD: Makefile.common,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
#
# used by mail/roundcube/Makefile
# used by mail/roundcube/plugins.mk
@@ -9,7 +9,7 @@
GITHUB_PROJECT= roundcubemail
HOMEPAGE= http://roundcube.net/
-RC_VERS= 1.2.7
+RC_VERS= 1.2.8
USE_LANGUAGES= # none
USE_TOOLS+= pax
diff -r 8091e8a08c2d -r f535f8f2a48b mail/roundcube/distinfo
--- a/mail/roundcube/distinfo Fri Apr 27 20:00:20 2018 +0000
+++ b/mail/roundcube/distinfo Sun May 06 08:40:13 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.58 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.58.4.1 2018/05/06 08:40:13 spz Exp $
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
SHA1 (patch-config_config.inc.php.sample) = 1c9751ba36394d592e7d3cdcc705010e0a4adda9
Home |
Main Index |
Thread Index |
Old Index