ports/93774: mail/squirrelmail update to 1.4.6 (security update)

Thomas Vogt thomas at bsdunix.ch
Fri Feb 24 00:40:08 UTC 2006


>Number:         93774
>Category:       ports
>Synopsis:       mail/squirrelmail update to 1.4.6 (security update)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 24 00:40:07 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Vogt
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD bert.mlan.solnet.ch 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #2: Fri Feb 10 00:01:30 CET 2006 root at bert.mlan.solnet.ch:/usr/obj/usr/src/sys/UP6 i386


	
>Description:
	- This update fixes: IMAP injection in sqimap_mailbox_select mailbox parameter (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377)
	- Possible XSS in MagicHTML (IE only) (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195)
	- Possible XSS through right_frame parameter in webmail.php (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188)
	Please remove local port patches in squirrelmail/files:
	patch-class-deliver-Deliver.class.php
	patch-class-mime-Message.class.php
	patch-functions-imap_general.php
	patch-squirrelmail-stable.diff
	
	 All this patches are included in Squirrelmail 1.4.6
>How-To-Repeat:
	
>Fix:

diff -u squirrelmail.orig/Makefile squirrelmail/Makefile 
--- squirrelmail.orig/Makefile	Thu Feb  9 18:18:50 2006
+++ squirrelmail/Makefile	Fri Feb 24 01:07:28 2006
@@ -6,13 +6,12 @@
 #
 
 PORTNAME=	squirrelmail
-PORTVERSION?=	1.4.5
-PORTREVISION?=	3
+PORTVERSION?=	1.4.6
 CATEGORIES?=	mail www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	squirrelmail
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX} \
-		all_locales-${PORTVERSION}-20050904${EXTRACT_SUFX}
+		all_locales-${PORTVERSION}-20060221${EXTRACT_SUFX}
 DIST_SUBDIR=	squirrelmail
 
 MAINTAINER?=	simond at irrelevant.org


diff -u squirrelmail.orig/distinfo squirrelmail/distinfo
--- squirrelmail.orig/distinfo	Tue Nov 29 23:25:27 2005
+++ squirrelmail/distinfo	Fri Feb 24 01:07:30 2006
@@ -1,6 +1,6 @@
-MD5 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = bcfe0c1d4049e9c26e0040b2fa3adb07
-SHA256 (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 9e0d5ef38b490265e287fa600bcb326c87309189fdb4b973cf5515d3a397d126
-SIZE (squirrelmail/squirrelmail-1.4.5.tar.bz2) = 480226
-MD5 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = f75557ad06787c15f92dff9fcfe30632
-SHA256 (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 32919291f42c73795243963f137a75d88eb1aff79eed0fc5608f45f17c6d20ad
-SIZE (squirrelmail/all_locales-1.4.5-20050904.tar.bz2) = 2169815
+MD5 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 300ddcf66b7907a61b6e9404840e35de
+SHA256 (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 8694412708eeb1f4029a4850e69f4a6891b0959e6315572013f4db9d3addc9d3
+SIZE (squirrelmail/squirrelmail-1.4.6.tar.bz2) = 484099
+MD5 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 29dfec2e0f71fba368a89c36c51881c2
+SHA256 (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = e29b017deb84e7a3656ed846b2387911e4c7275e88fd3d6761528dbaa7510ac4
+SIZE (squirrelmail/all_locales-1.4.6-20060221.tar.bz2) = 2448102


>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list