From b611ba68f23b8a1ffc6320a441b7dc4b54251d5c Mon Sep 17 00:00:00 2001 From: martti Date: Fri, 14 Dec 2007 20:44:35 +0000 Subject: Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. --- mail/squirrelmail/Makefile | 4 ++-- mail/squirrelmail/PLIST | 3 ++- mail/squirrelmail/distinfo | 8 ++++---- 3 files changed, 8 insertions(+), 7 deletions(-) (limited to 'mail') diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile index ee6b78b9e09..003af96ea0f 100644 --- a/mail/squirrelmail/Makefile +++ b/mail/squirrelmail/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.95 2007/12/05 07:11:28 martti Exp $ +# $NetBSD: Makefile,v 1.96 2007/12/14 20:44:35 martti Exp $ -DISTNAME= squirrelmail-1.4.12 +DISTNAME= squirrelmail-1.4.13 #PKGREVISION= 1 CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=squirrelmail/} diff --git a/mail/squirrelmail/PLIST b/mail/squirrelmail/PLIST index df48941dfcb..14750851148 100644 --- a/mail/squirrelmail/PLIST +++ b/mail/squirrelmail/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.24 2007/12/05 07:11:28 martti Exp $ +@comment $NetBSD: PLIST,v 1.25 2007/12/14 20:44:35 martti Exp $ man/man8/squirrelmail-conf.pl.8 share/examples/squirrelmail/squirrelmail.conf share/squirrelmail/AUTHORS 
@@ -58,6 +58,7 @@ share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.10.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.10a.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.11.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.12.txt +share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.13.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.2.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3a.txt diff --git a/mail/squirrelmail/distinfo b/mail/squirrelmail/distinfo index f1cef3f4a2a..6de337f2e6e 100644 --- a/mail/squirrelmail/distinfo +++ b/mail/squirrelmail/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.44 2007/12/05 11:25:57 taca Exp $ +$NetBSD: distinfo,v 1.45 2007/12/14 20:44:35 martti Exp $ SHA1 (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 8823810ca00ab5510a48db78826112a9482d1895 RMD160 (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 98649a1639567bb6669e9cfc0ca8b0743ebfb46e @@ -6,7 +6,7 @@ Size (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 1800 bytes SHA1 (squirrelmail-1.4.12-ja-20071205-patch.gz) = 16de8fb72ce13cf302279772eb0d3df84e409b3f RMD160 (squirrelmail-1.4.12-ja-20071205-patch.gz) = fac415d26cfc5d297f927830b1fd8704e0b5b189 Size (squirrelmail-1.4.12-ja-20071205-patch.gz) = 7739 bytes -SHA1 (squirrelmail-1.4.12.tar.bz2) = cf5c716fe2b356bafa0aa10ebdb9980339c3a0cb -RMD160 (squirrelmail-1.4.12.tar.bz2) = a25130f4eab2a84914f021a7baa432383f7ef551 -Size (squirrelmail-1.4.12.tar.bz2) = 496632 bytes +SHA1 (squirrelmail-1.4.13.tar.bz2) = cbc101076dfde6f78e871133fc6a17b5d3aa0edb +RMD160 (squirrelmail-1.4.13.tar.bz2) = d2d27c9e2fe6225833da15981b9d6881ce55fc6d +Size (squirrelmail-1.4.13.tar.bz2) = 497103 bytes SHA1 (patch-aa) = 6f48193a3b4ee86e85afcc66e2299ecbfe375796 -- cgit v1.2.3
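Review bot: In the mail/squirrelmail/Makefile hunk, DISTNAME moves to squirrelmail-1.4.13 while distinfo keeps the entries for squirrelmail-1.4.11-lite-20071003-patch.bz2 and squirrelmail-1.4.12-ja-20071205-patch.gz unchanged, so patch files cut against 1.4.11 and 1.4.12 are still in play for the 1.4.13 tree. Please confirm both still apply cleanly with each option enabled, and say so in the commit message, since a patch that applies with fuzz or fails only shows up for users who build with those options.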
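Review bot: In the mail/squirrelmail/PLIST hunk at `@@ -58,6 +58,7 @@`, the only file-list change is the added `share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.13.txt`, and nothing in the commit shows that the list was regenerated from the extracted 1.4.13 tree. Because this release exists to replace altered tarballs, it is worth comparing the output of `make print-PLIST` against the committed PLIST and noting the result, so that any unexpected extra or missing file in the new distfile is caught at import time.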
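Review bot: In the mail/squirrelmail/distinfo hunk at `@@ -6,7 +6,7 @@`, the new `SHA1 (squirrelmail-1.4.13.tar.bz2)` and `RMD160 (squirrelmail-1.4.13.tar.bz2)` lines are the only integrity anchor for a release made because the 1.4.11 and 1.4.12 packages were altered upstream, yet the commit message does not say what these digests were checked against. Please record where the reference values came from (a checksum published by the project through a channel separate from the download mirror, for instance), so a later reader can tell they were verified and not just regenerated from whatever was fetched. The same goes for the statement that pkgsrc used the known-to-be-good 1.4.12 distfile: naming the reference for the removed `SHA1 (squirrelmail-1.4.12.tar.bz2) = cf5c716fe2b356bafa0aa10ebdb9980339c3a0cb` line would make that claim auditable.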