ports/73667: Maintainer port update: mail/squirrelmail
Simon Dick
simond at home.irrelevant.org
Mon Nov 8 10:40:30 UTC 2004
>Number: 73667
>Category: ports
>Synopsis: Maintainer port update: mail/squirrelmail
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 08 10:40:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Simon Dick
>Release: FreeBSD 4.9-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD nelly.internal.irrelevant.org 4.9-RELEASE-p1 FreeBSD 4.9-RELEASE-p1 #5: Sat Feb 7 07:48:58 GMT 2004 root at nelly.internal.irrelevant.org:/usr/obj/usr/src/sys/ELEPHANT i386
>Description:
Fix for XSS scripting flaw
>How-To-Repeat:
>Fix:
diff -ruN /usr/ports/mail/squirrelmail/Makefile squirrelmail/Makefile
--- /usr/ports/mail/squirrelmail/Makefile Wed Nov 3 09:04:51 2004
+++ squirrelmail/Makefile Mon Nov 8 10:29:56 2004
@@ -7,7 +7,7 @@
PORTNAME= squirrelmail
PORTVERSION?= 1.4.3a
-PORTREVISION?= 1
+PORTREVISION?= 2
CATEGORIES?= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= squirrelmail
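Review bot: nothing at the `PORTREVISION?= 2` line or in the PR description records where the added files/patch-sm143a-xss.diff comes from or which advisory it addresses. The bump itself is what installed systems need in order to pick up a patch-only fix, but the commit message should cite the origin of the patch so it can be dropped cleanly once a fixed upstream release is ported.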
diff -ruN /usr/ports/mail/squirrelmail/files/patch-sm143a-xss.diff squirrelmail/files/patch-sm143a-xss.diff
--- /usr/ports/mail/squirrelmail/files/patch-sm143a-xss.diff Thu Jan 1 01:00:00 1970
+++ squirrelmail/files/patch-sm143a-xss.diff Mon Nov 8 10:29:15 2004
@@ -0,0 +1,28 @@
+diff -urN functions/mime.php functions/mime.php
+--- functions/mime.php 2004-05-23 19:14:11.000000000 +0300
++++ functions/mime.php 2004-11-03 19:16:50.000000000 +0200
+@@ -602,13 +602,22 @@
+ }
+ $iLastMatch = $i;
+ $j = $i;
+- $ret .= $res[1];
++ if ($htmlsave) {
++ $ret .= htmlspecialchars($res[1]);
++ } else {
++ $ret .= $res[1];
++ }
+ $encoding = ucfirst($res[3]);
+ switch ($encoding)
+ {
+ case 'B':
+ $replace = base64_decode($res[4]);
+- $ret .= charset_decode($res[2],$replace);
++ if ($utfencode) {
++ $replace = charset_decode($res[2],$replace);
++ } elseif ($htmlsave) {
++ $replace = htmlspecialchars($replace);
++ }
++ $ret .= $replace;
+ break;
+ case 'Q':
+ $replace = str_replace('_', ' ', $res[4]);
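Review bot: in the `case 'B':` branch the `htmlspecialchars($replace)` call sits in an `elseif` behind `$utfencode`, so when `$utfencode` is true the base64-decoded text is HTML-safe only if `charset_decode()` itself escapes its output, which these lines do not show; a short comment stating that assumption would help. When both `$utfencode` and `$htmlsave` are false the decoded value is appended unescaped, so confirm that every caller that renders the result into a page passes `$htmlsave`. The `case 'Q':` branch appears only as trailing context and this 28-line patch file does not change it, so check that the quoted-printable path receives equivalent escaping.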
>Release-Note:
>Audit-Trail:
>Unformatted: