diff options
| author | taca <taca@pkgsrc.org> | 2018-04-23 13:54:59 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2018-04-23 13:54:59 +0000 |
| commit | ea66b431dc72df609d715357484ee6f5c371c9aa (patch) | |
| tree | 8374df7cd500057b087c934106b3bd0095d46b89 /mail/roundcube | |
| parent | 740b2ff7fef8538cce438713f9021f639279024c (diff) | |
| download | pkgsrc-ea66b431dc72df609d715357484ee6f5c371c9aa.tar.gz | |
mail/roundcube: update to 1.2.8
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
Diffstat (limited to 'mail/roundcube')
| -rw-r--r-- | mail/roundcube/Makefile.common | 4 | ||||
| -rw-r--r-- | mail/roundcube/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/mail/roundcube/Makefile.common b/mail/roundcube/Makefile.common index 8d8b9b80ff5..c611166ac0f 100644 --- a/mail/roundcube/Makefile.common +++ b/mail/roundcube/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.7 2017/11/09 01:13:11 taca Exp $ +# $NetBSD: Makefile.common,v 1.8 2018/04/23 13:54:59 taca Exp $ # # used by mail/roundcube/Makefile # used by mail/roundcube/plugins.mk @@ -9,7 +9,7 @@ MASTER_SITES= ${MASTER_SITE_GITHUB:=roundcube/} GITHUB_PROJECT= roundcubemail HOMEPAGE= http://roundcube.net/ -RC_VERS= 1.2.7 +RC_VERS= 1.2.8 USE_LANGUAGES= # none USE_TOOLS+= pax diff --git a/mail/roundcube/distinfo b/mail/roundcube/distinfo index f6caf88efc9..2562be6321d 100644 --- a/mail/roundcube/distinfo +++ b/mail/roundcube/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.58 2017/11/09 01:13:11 taca Exp $ +$NetBSD: distinfo,v 1.59 2018/04/23 13:54:59 taca Exp $ -SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699 -RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761 -SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191 -Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes +SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548 +RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979 +SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c +Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227 SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668 SHA1 (patch-config_config.inc.php.sample) = 1c9751ba36394d592e7d3cdcc705010e0a4adda9 |