pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/mail mail/roundcube: update to 1.2.8



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c61e1734dda9
branches:  trunk
changeset: 306704:c61e1734dda9
user:      taca <taca%pkgsrc.org@localhost>
date:      Mon Apr 23 13:54:59 2018 +0000
description:
mail/roundcube: update to 1.2.8

This is a security update to the stable version 1.2.  It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.

The second fix is about a missed remote content blocking on HTML messages with
specially crafted image and style tags.

We strongly recommend to update all productive installations of Roundcube
1.2.x.  Please do backup your data before updating!

CHANGELOG

* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
  (#6238)

* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)

* Fix security issue in remote content blocking on HTML image and style tags
  (#6178)

diffstat:

 mail/roundcube-plugin-enigma/distinfo      |  10 +++++-----
 mail/roundcube-plugin-password/distinfo    |  10 +++++-----
 mail/roundcube-plugin-zipdownload/distinfo |  10 +++++-----
 mail/roundcube/Makefile.common             |   4 ++--
 mail/roundcube/distinfo                    |  10 +++++-----
 5 files changed, 22 insertions(+), 22 deletions(-)

diffs (81 lines):

diff -r 6b97862b72dd -r c61e1734dda9 mail/roundcube-plugin-enigma/distinfo
--- a/mail/roundcube-plugin-enigma/distinfo     Mon Apr 23 13:51:19 2018 +0000
+++ b/mail/roundcube-plugin-enigma/distinfo     Mon Apr 23 13:54:59 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.8 2018/04/23 13:54:59 taca Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
diff -r 6b97862b72dd -r c61e1734dda9 mail/roundcube-plugin-password/distinfo
--- a/mail/roundcube-plugin-password/distinfo   Mon Apr 23 13:51:19 2018 +0000
+++ b/mail/roundcube-plugin-password/distinfo   Mon Apr 23 13:54:59 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.8 2018/04/23 13:55:00 taca Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
diff -r 6b97862b72dd -r c61e1734dda9 mail/roundcube-plugin-zipdownload/distinfo
--- a/mail/roundcube-plugin-zipdownload/distinfo        Mon Apr 23 13:51:19 2018 +0000
+++ b/mail/roundcube-plugin-zipdownload/distinfo        Mon Apr 23 13:54:59 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.8 2018/04/23 13:55:00 taca Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
diff -r 6b97862b72dd -r c61e1734dda9 mail/roundcube/Makefile.common
--- a/mail/roundcube/Makefile.common    Mon Apr 23 13:51:19 2018 +0000
+++ b/mail/roundcube/Makefile.common    Mon Apr 23 13:54:59 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.7 2017/11/09 01:13:11 taca Exp $
+# $NetBSD: Makefile.common,v 1.8 2018/04/23 13:54:59 taca Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -9,7 +9,7 @@
 GITHUB_PROJECT=        roundcubemail
 HOMEPAGE=      http://roundcube.net/
 
-RC_VERS=       1.2.7
+RC_VERS=       1.2.8
 
 USE_LANGUAGES=         # none
 USE_TOOLS+=            pax
diff -r 6b97862b72dd -r c61e1734dda9 mail/roundcube/distinfo
--- a/mail/roundcube/distinfo   Mon Apr 23 13:51:19 2018 +0000
+++ b/mail/roundcube/distinfo   Mon Apr 23 13:54:59 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.58 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.59 2018/04/23 13:54:59 taca Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
 SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
 SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
 SHA1 (patch-config_config.inc.php.sample) = 1c9751ba36394d592e7d3cdcc705010e0a4adda9



Home | Main Index | Thread Index | Old Index