[Bug 209841] mail/roundcube: 1.1.5 vulnerable to CVE-2016-5103

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209841

            Bug ID: 209841
           Summary: mail/roundcube: 1.1.5 vulnerable to CVE-2016-5103
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/roundcube/roundcubemail/issues/5240
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ale at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
                CC: ale at FreeBSD.org
 Attachment #170808 maintainer-approval?(ale at FreeBSD.org)
             Flags:
             Flags: maintainer-feedback?(ale at FreeBSD.org),
                    merge-quarterly?
          Assignee: ale at FreeBSD.org
                CC: ale at FreeBSD.org

Created attachment 170808
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=170808&action=edit
Patch roundcube against CVE-2016-5103

The current version of Roundcube, v1.1.5, is vulnerable to CVE-2016-5103.

* Upstream Issue: https://github.com/roundcube/roundcubemail/issues/5240
* CVE assignment: http://seclists.org/oss-sec/2016/q2/414

The upstream has not yet released a version that would include the fix.

I don't know what changes against vuxml should be done in order to submit a
patch myself.

I've attached a patch for Roundcube, in case the maintainer wants to apply it
until the upstream releases a new version. Portlint pass. port test pass.
Testing in production right now.

-- 
You are receiving this mail because:
You are the assignee for the bug.