pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/roundcube Update to version 2.0beta2.
details: https://anonhg.NetBSD.org/pkgsrc/rev/b95d2d68eab9
branches: trunk
changeset: 552038:b95d2d68eab9
user: ahoka <ahoka%pkgsrc.org@localhost>
date: Tue Dec 23 23:26:38 2008 +0000
description:
Update to version 2.0beta2.
This update fixes a serious security flaw, which can lead to arbitrary
command execution on the server running roundcube.
I could not find a formal changelog, but here's what the website writes:
There were two security issues reported which are now fixed. The first was as
possible code injection using the html2text conversion script. The other
exploit used the unchecked size parameters of the quota image to let PHP
create huge images eating up all the server memory.
diffstat:
mail/roundcube/Makefile | 4 ++--
mail/roundcube/distinfo | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diffs (34 lines):
diff -r 177e1d7b4568 -r b95d2d68eab9 mail/roundcube/Makefile
--- a/mail/roundcube/Makefile Tue Dec 23 22:47:01 2008 +0000
+++ b/mail/roundcube/Makefile Tue Dec 23 23:26:38 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2008/10/02 15:47:15 schmonz Exp $
+# $NetBSD: Makefile,v 1.13 2008/12/23 23:26:38 ahoka Exp $
#
DISTNAME= roundcubemail-${RCVERSION}-dep
@@ -13,7 +13,7 @@
USE_TOOLS+= pax
USE_LANGUAGES= # none
NO_BUILD= yes
-RCVERSION= 0.2-beta
+RCVERSION= 0.2-beta2
VERSION= ${RCVERSION:S/-//}
.include "../../mk/bsd.prefs.mk"
diff -r 177e1d7b4568 -r b95d2d68eab9 mail/roundcube/distinfo
--- a/mail/roundcube/distinfo Tue Dec 23 22:47:01 2008 +0000
+++ b/mail/roundcube/distinfo Tue Dec 23 23:26:38 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2008/10/02 15:47:15 schmonz Exp $
+$NetBSD: distinfo,v 1.9 2008/12/23 23:26:38 ahoka Exp $
-SHA1 (roundcubemail-0.2-beta-dep.tar.gz) = eb37b1000aadcffa9eecb8e01f311906fd7a9bd1
-RMD160 (roundcubemail-0.2-beta-dep.tar.gz) = 76b75b1decbcb5a9250cc413eafb3818fe10353a
-Size (roundcubemail-0.2-beta-dep.tar.gz) = 1126334 bytes
+SHA1 (roundcubemail-0.2-beta2-dep.tar.gz) = 21ddfc98b561348adc859e7b5701bfa050185582
+RMD160 (roundcubemail-0.2-beta2-dep.tar.gz) = 2bac95dff178ab0bc6ea9e0dde1cbacfc642c1b3
+Size (roundcubemail-0.2-beta2-dep.tar.gz) = 1127097 bytes
SHA1 (patch-aa) = 9e3821f745cfbec7fd2fb2783ff57e570cfd4457
SHA1 (patch-ab) = 9e81e117952150f363265bbda11cae9eb7d77c08
SHA1 (patch-ac) = df56f22ca7f5d932bc1b43d1e4b0a1d2f193a24b
Home |
Main Index |
Thread Index |
Old Index