diff options
| author | martti <martti@pkgsrc.org> | 2006-02-27 07:12:13 +0000 |
|---|---|---|
| committer | martti <martti@pkgsrc.org> | 2006-02-27 07:12:13 +0000 |
| commit | 5e8732153d006b7825ffd37d2ee70c27eaaa5962 (patch) | |
| tree | 6dc6f10d3fd5117f905c07cde5becb650ce46816 /mail/squirrelmail/distinfo | |
| parent | 524eeec05b7f95b669d595f0cd7a6de594b9537c (diff) | |
| download | pkgsrc-5e8732153d006b7825ffd37d2ee70c27eaaa5962.tar.gz | |
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
Diffstat (limited to 'mail/squirrelmail/distinfo')
| -rw-r--r-- | mail/squirrelmail/distinfo | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/mail/squirrelmail/distinfo b/mail/squirrelmail/distinfo index 52a572fb7dc..83c8c0570c2 100644 --- a/mail/squirrelmail/distinfo +++ b/mail/squirrelmail/distinfo @@ -1,13 +1,6 @@ -$NetBSD: distinfo,v 1.29 2005/12/05 20:13:38 martti Exp $ +$NetBSD: distinfo,v 1.30 2006/02/27 07:12:13 martti Exp $ -SHA1 (squirrelmail-1.4.5.tar.bz2) = 48c93dd99b72b73a3ea48311152bcbc40af5cabb -RMD160 (squirrelmail-1.4.5.tar.bz2) = 6f748e483ea1c3c94eeb849ce11a3afd90c499a0 -Size (squirrelmail-1.4.5.tar.bz2) = 480226 bytes +SHA1 (squirrelmail-1.4.6.tar.bz2) = b813aa9f736b4b6c41d1afd35bcbd01604e85cf7 +RMD160 (squirrelmail-1.4.6.tar.bz2) = 3cee894b392620af3e35ef1d00e35775559dd4f7 +Size (squirrelmail-1.4.6.tar.bz2) = 484099 bytes SHA1 (patch-aa) = cafc171ab1de5e2e1e83caff39f3bfb810fe2ab5 -SHA1 (patch-ab) = c101e77938a3c2c6cf62b62a79a63125d44dda32 -SHA1 (patch-ac) = 7d3c742e8694fb051ada1d11d1624b199d61cf5b -SHA1 (patch-ad) = 1db2f3d91e059a26ba41e638b7fba134fb7fa1ca -SHA1 (patch-ae) = 45578c696d9e0ff48928e81228982e5d40c86919 -SHA1 (patch-af) = 96bb58143a83b6bbeb5477fdcd470895ccae202b -SHA1 (patch-ag) = a9cd5b779468ca7f1361c72207bbb550cd9748e3 -SHA1 (patch-ah) = 073dfa9544b8dd9ec91c4a8cba5e5b6c710e284f |