diff options
| author | martti <martti@pkgsrc.org> | 2007-12-14 20:44:35 +0000 |
|---|---|---|
| committer | martti <martti@pkgsrc.org> | 2007-12-14 20:44:35 +0000 |
| commit | de9beccdb8f7921d4960b8347bf7ba00776b0ae3 (patch) | |
| tree | f560bbf57115bf8495ae2186cbd14d7725d09a71 /mail/squirrelmail/Makefile | |
| parent | 1161903aa17db8fa88a3773074df72fb20df5c49 (diff) | |
| download | pkgsrc-de9beccdb8f7921d4960b8347bf7ba00776b0ae3.tar.gz | |
Updated mail/squirrelmail to 1.4.13
(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
Diffstat (limited to 'mail/squirrelmail/Makefile')
| -rw-r--r-- | mail/squirrelmail/Makefile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile index ee6b78b9e09..003af96ea0f 100644 --- a/mail/squirrelmail/Makefile +++ b/mail/squirrelmail/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.95 2007/12/05 07:11:28 martti Exp $ +# $NetBSD: Makefile,v 1.96 2007/12/14 20:44:35 martti Exp $ -DISTNAME= squirrelmail-1.4.12 +DISTNAME= squirrelmail-1.4.13 #PKGREVISION= 1 CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=squirrelmail/} |