pkgsrc-changes: CVS commit: [pkgsrc-2007Q3] pkgsrc/mail/squirrelmail

Subject: CVS commit: [pkgsrc-2007Q3] pkgsrc/mail/squirrelmail
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 12/17/2007 15:38:57

Module Name:	pkgsrc
Committed By:	ghen
Date:		Mon Dec 17 15:38:57 UTC 2007

Modified Files:
	pkgsrc/mail/squirrelmail [pkgsrc-2007Q3]: Makefile PLIST distinfo
	    options.mk

Log Message:
Pullup ticket 2246 - requested by martti
security update for squirrelmail

- pkgsrc/mail/squirrelmail/Makefile			1.96, 1.97
- pkgsrc/mail/squirrelmail/PLIST			1.25
- pkgsrc/mail/squirrelmail/distinfo			1.45, 1.46
- pkgsrc/mail/squirrelmail/options.mk			1.7

   Module Name:		pkgsrc
   Committed By:	martti
   Date:		Fri Dec 14 20:44:35 UTC 2007

   Modified Files:
	   pkgsrc/mail/squirrelmail: Makefile PLIST distinfo

   Log Message:
   Updated mail/squirrelmail to 1.4.13

   (pkgsrc notice: we were using the original, known-to-be-good 1.4.12
   distfile so all your servers should be fine)

   Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
   release 1.4.13 to ensure no confusions. While initial review didn't
   uncover a need for concern, several proof of concepts show that the
   package alterations introduce a high risk security issue, allowing
   remote inclusion of files. These changes would allow a remote user the
   ability to execute exploit code on a victim machine, without any user
   interaction on the victim's server. This could grant the attacker the
   ability to deploy further code on the victim's server.

   We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
   immediately.
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Dec 15 13:58:12 UTC 2007

   Modified Files:
	   pkgsrc/mail/squirrelmail: Makefile distinfo options.mk

   Log Message:
   Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.

   Bump PKG_REVISION.


To generate a diff of this commit:
cvs rdiff -r1.92.2.1 -r1.92.2.2 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -r1.23.2.1 -r1.23.2.2 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -r1.42.2.2 -r1.42.2.3 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -r1.5.2.1 -r1.5.2.2 pkgsrc/mail/squirrelmail/options.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.