diff options
| author | ghen <ghen@pkgsrc.org> | 2007-12-17 15:38:54 +0000 |
|---|---|---|
| committer | ghen <ghen@pkgsrc.org> | 2007-12-17 15:38:54 +0000 |
| commit | 264050991eb5384c06fe4c58905e4c34ecb2c114 (patch) | |
| tree | 4180648b9fdad57f1d05e6830aff39ee0b99d07f /x11 | |
| parent | a3a6b8f108191adacd3e4859d7173205da367969 (diff) | |
| download | pkgsrc-264050991eb5384c06fe4c58905e4c34ecb2c114.tar.gz | |
Pullup ticket 2246 - requested by martti
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97
- pkgsrc/mail/squirrelmail/PLIST 1.25
- pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46
- pkgsrc/mail/squirrelmail/options.mk 1.7
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 14 20:44:35 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Updated mail/squirrelmail to 1.4.13
(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Dec 15 13:58:12 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
Bump PKG_REVISION.
Diffstat (limited to 'x11')
0 files changed, 0 insertions, 0 deletions