diff options
| author | maya <maya@pkgsrc.org> | 2017-04-19 17:10:18 +0000 |
|---|---|---|
| committer | maya <maya@pkgsrc.org> | 2017-04-19 17:10:18 +0000 |
| commit | f8e0eb44842a409b20cb31467e6d250a4a5f93aa (patch) | |
| tree | b88164395ca53586bff1a37d126152849cb95752 /mail/squirrelmail/Makefile | |
| parent | 790ecc8a0124ef858750d083a90e3ab08f0b8978 (diff) | |
| download | pkgsrc-f8e0eb44842a409b20cb31467e6d250a4a5f93aa.tar.gz | |
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html
patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
bump PKGREVISION
Diffstat (limited to 'mail/squirrelmail/Makefile')
| -rw-r--r-- | mail/squirrelmail/Makefile | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile index f0287888f0b..bcf13f75d3a 100644 --- a/mail/squirrelmail/Makefile +++ b/mail/squirrelmail/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.131 2016/11/17 15:10:07 taca Exp $ +# $NetBSD: Makefile,v 1.132 2017/04/19 17:10:18 maya Exp $ DISTNAME= squirrelmail-webmail-1.4.23pre14605 +PKGREVISION= 1 PKGNAME= ${DISTNAME:S/-webmail//} CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_LOCAL} |