Updated squirrelmail to 1.4.6

This release is very important, and we strongly advise everybody to
update to the latest release.

Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.

- In webmail.php, the right_frame parameter was not properly sanitized
  to deal with very lenient browsers, which allowed for cross site
  scripting or frame replacing. [CVE-2006-0188]

- In the MagicHTML function, some very obscure constructs were
  discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
  concern), and comments could be inside keywords (allows for cross site
  scripting). Both only affect Internet Explorer users. Found by Martijn
  Brinkers and Scott Hughes. [CVE-2006-0195]

- The function sqimap_mailbox_select did not strip newlines from the
  mailbox parameter, and thereby allowed for IMAP command injection.
  Found by Vicente Aguilera. [CVE-2006-0377]

1 files changed, 3 insertions, 3 deletions

diff --git a/mail/squirrelmail/buildlink3.mk b/mail/squirrelmail/buildlink3.mk
index 01d47124448..156d5f8a9f8 100644
--- a/mail/squirrelmail/buildlink3.mk
+++ b/mail/squirrelmail/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2006/02/17 07:04:25 martti Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2006/02/27 07:12:13 martti Exp $
 
 BUILDLINK_DEPTH:=		${BUILDLINK_DEPTH}+
 SQUIRRELMAIL_BUILDLINK3_MK:=	${SQUIRRELMAIL_BUILDLINK3_MK}+
@@ -11,8 +11,8 @@ BUILDLINK_PACKAGES:=	${BUILDLINK_PACKAGES:Nsquirrelmail}
 BUILDLINK_PACKAGES+=	squirrelmail
 
 .if !empty(SQUIRRELMAIL_BUILDLINK3_MK:M+)
-BUILDLINK_DEPENDS.squirrelmail+=	{ja-,}squirrelmail>=1.4.5
-BUILDLINK_RECOMMENDED.squirrelmail?=	squirrelmail>=1.4.5nb5
+BUILDLINK_DEPENDS.squirrelmail+=	{ja-,}squirrelmail>=1.4.6
+BUILDLINK_RECOMMENDED.squirrelmail?=	squirrelmail>=1.4.6
 BUILDLINK_PKGSRCDIR.squirrelmail?=	../../mail/squirrelmail
 .endif	# SQUIRRELMAIL_BUILDLINK3_MK