ports/93774: mail/squirrelmail update to 1.4.6 (security update)
Thomas Vogt
thomas at bsdunix.ch
Fri Feb 24 00:40:08 UTC 2006
>Number: 93774
>Category: ports
>Synopsis: mail/squirrelmail update to 1.4.6 (security update)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 24 00:40:07 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Thomas Vogt
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD bert.mlan.solnet.ch 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #2: Fri Feb 10 00:01:30 CET 2006 root at bert.mlan.solnet.ch:/usr/obj/usr/src/sys/UP6 i386
>Description:
This update fixes:
- IMAP injection in sqimap_mailbox_select mailbox parameter (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377)
- Possible XSS in MagicHTML (IE only) (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195)
- Possible XSS through right_frame parameter in webmail.php (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188)
Please remove local port patches in squirrelmail/files:
patch-class-deliver-Deliver.class.php
patch-class-mime-Message.class.php
patch-functions-imap_general.php
patch-squirrelmail-stable.diff
All these patches are included in Squirrelmail 1.4.6
>How-To-Repeat:
>Fix:
diff -u squirrelmail.orig/Makefile squirrelmail/Makefile
--- squirrelmail.orig/Makefile Thu Feb 9 18:18:50 2006
+++ squirrelmail/Makefile Fri Feb 24 01:07:28 2006
@@ -6,13 +6,12 @@
#
PORTNAME= squirrelmail
-PORTVERSION?= 1.4.5
-PORTREVISION?= 3
+PORTVERSION?= 1.4.6
CATEGORIES?= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= squirrelmail
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \
- all_locales-${PORTVERSION}-20050904${EXTRACT_SUFX}
+ all_locales-${PORTVERSION}-20060221${EXTRACT_SUFX}
DIST_SUBDIR= squirrelmail
MAINTAINER?= simond at irrelevant.org
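Review bot: The PORTVERSION bump to 1.4.6 is not accompanied by deletion of the four files/ patches the description says are now upstream (patch-class-deliver-Deliver.class.php, patch-class-mime-Message.class.php, patch-functions-imap_general.php, patch-squirrelmail-stable.diff). This diff covers only Makefile and distinfo, so applying it alone leaves those patches in place to be applied against the 1.4.6 sources; remove them in the same commit. Separately, the locales snapshot date in `all_locales-${PORTVERSION}-20060221${EXTRACT_SUFX}` is a literal that has to stay in step with the distinfo entries on every update, and defining it once in a variable near PORTVERSION would make a mismatch harder to miss.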
diff -u squirrelmail.orig/distinfo squirrelmail/distinfo
--- squirrelmail.orig/distinfo Tue Nov 29 23:25:27 2005
+++ squirrelmail/distinfo Fri Feb 24 01:07:30 2006
@@ -1,6 +1,6 @@
-MD5 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = bcfe0c1d4049e9c26e0040b2fa3adb07
-SHA256 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 9e0d5ef38b490265e287fa600bcb326c87309189fdb4b973cf5515d3a397d126
-SIZE (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 480226
-MD5 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = f75557ad06787c15f92dff9fcfe30632
-SHA256 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 32919291f42c73795243963f137a75d88eb1aff79eed0fc5608f45f17c6d20ad
-SIZE (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 2169815
+MD5 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 300ddcf66b7907a61b6e9404840e35de
+SHA256 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 8694412708eeb1f4029a4850e69f4a6891b0959e6315572013f4db9d3addc9d3
+SIZE (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 484099
+MD5 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 29dfec2e0f71fba368a89c36c51881c2
+SHA256 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = e29b017deb84e7a3656ed846b2387911e4c7275e88fd3d6761528dbaa7510ac4
+SIZE (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 2448102
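Review bot: The new MD5, SHA256 and SIZE values for squirrelmail-1.4.6.tar.bz2 and all_locales-1.4.6-20060221.tar.bz2 arrive only through this PR, so they should be checked independently rather than committed as submitted. Fetch both distfiles from MASTER_SITES, regenerate distinfo with `make makesum`, and confirm the resulting SHA256 and SIZE lines match the ones here and any checksums upstream publishes for the release. The file names in this hunk do agree with the DISTFILES change in the Makefile hunk.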
>Release-Note:
>Audit-Trail:
>Unformatted: