diff options
| author | ahoka <ahoka@pkgsrc.org> | 2008-12-23 23:26:38 +0000 |
|---|---|---|
| committer | ahoka <ahoka@pkgsrc.org> | 2008-12-23 23:26:38 +0000 |
| commit | d95cb82c4f04991d5e2ef866979c665c88be0704 (patch) | |
| tree | aacc4379062cb607e16ab73f085602a5bd63cd64 /mail | |
| parent | 9a274e6127dd20a8dc966a41475979d58ed4443d (diff) | |
| download | pkgsrc-d95cb82c4f04991d5e2ef866979c665c88be0704.tar.gz | |
Update to version 2.0beta2.
This update fixes a serious security flaw, which can lead to arbitrary
command execution on the server running roundcube.
I could not find a formal changelog, but here's what the website writes:
There were two security issues reported which are now fixed. The first was as
possible code injection using the html2text conversion script. The other
exploit used the unchecked size parameters of the quota image to let PHP
create huge images eating up all the server memory.
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/roundcube/Makefile | 4 | ||||
| -rw-r--r-- | mail/roundcube/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile index 2225399524c..c91b4b31c36 100644 --- a/mail/roundcube/Makefile +++ b/mail/roundcube/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.12 2008/10/02 15:47:15 schmonz Exp $ +# $NetBSD: Makefile,v 1.13 2008/12/23 23:26:38 ahoka Exp $ # DISTNAME= roundcubemail-${RCVERSION}-dep @@ -13,7 +13,7 @@ COMMENT= Browser-based multilingual IMAP client USE_TOOLS+= pax USE_LANGUAGES= # none NO_BUILD= yes -RCVERSION= 0.2-beta +RCVERSION= 0.2-beta2 VERSION= ${RCVERSION:S/-//} .include "../../mk/bsd.prefs.mk" diff --git a/mail/roundcube/distinfo b/mail/roundcube/distinfo index cf64731b0c3..5adc49d42e5 100644 --- a/mail/roundcube/distinfo +++ b/mail/roundcube/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.8 2008/10/02 15:47:15 schmonz Exp $ +$NetBSD: distinfo,v 1.9 2008/12/23 23:26:38 ahoka Exp $ -SHA1 (roundcubemail-0.2-beta-dep.tar.gz) = eb37b1000aadcffa9eecb8e01f311906fd7a9bd1 -RMD160 (roundcubemail-0.2-beta-dep.tar.gz) = 76b75b1decbcb5a9250cc413eafb3818fe10353a -Size (roundcubemail-0.2-beta-dep.tar.gz) = 1126334 bytes +SHA1 (roundcubemail-0.2-beta2-dep.tar.gz) = 21ddfc98b561348adc859e7b5701bfa050185582 +RMD160 (roundcubemail-0.2-beta2-dep.tar.gz) = 2bac95dff178ab0bc6ea9e0dde1cbacfc642c1b3 +Size (roundcubemail-0.2-beta2-dep.tar.gz) = 1127097 bytes SHA1 (patch-aa) = 9e3821f745cfbec7fd2fb2783ff57e570cfd4457 SHA1 (patch-ab) = 9e81e117952150f363265bbda11cae9eb7d77c08 SHA1 (patch-ac) = df56f22ca7f5d932bc1b43d1e4b0a1d2f193a24b |