pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/roundcube Update to version 2.0beta2.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b95d2d68eab9
branches:  trunk
changeset: 552038:b95d2d68eab9
user:      ahoka <ahoka%pkgsrc.org@localhost>
date:      Tue Dec 23 23:26:38 2008 +0000

description:
Update to version 2.0beta2.

This update fixes a serious security flaw, which can lead to arbitrary
command execution on the server running roundcube.

I could not find a formal changelog, but here's what the website writes:
 There were two security issues reported which are now fixed. The first was a
 possible code injection using the html2text conversion script. The other
 exploit used the unchecked size parameters of the quota image to let PHP
 create huge images eating up all the server memory.

diffstat:

 mail/roundcube/Makefile |  4 ++--
 mail/roundcube/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (34 lines):

diff -r 177e1d7b4568 -r b95d2d68eab9 mail/roundcube/Makefile
--- a/mail/roundcube/Makefile   Tue Dec 23 22:47:01 2008 +0000
+++ b/mail/roundcube/Makefile   Tue Dec 23 23:26:38 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2008/10/02 15:47:15 schmonz Exp $
+# $NetBSD: Makefile,v 1.13 2008/12/23 23:26:38 ahoka Exp $
 #
 
 DISTNAME=      roundcubemail-${RCVERSION}-dep
@@ -13,7 +13,7 @@
 USE_TOOLS+=    pax
 USE_LANGUAGES= # none
 NO_BUILD=      yes
-RCVERSION=     0.2-beta
+RCVERSION=     0.2-beta2
 VERSION=       ${RCVERSION:S/-//}
 
 .include "../../mk/bsd.prefs.mk"
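Review bot: The log message and subject say "version 2.0beta2", but the RCVERSION line in this hunk sets 0.2-beta2, which VERSION= ${RCVERSION:S/-//} turns into 0.2beta2. The log should name 0.2beta2 so that anyone searching the history for this security fix finds the version that actually shipped. Because the update is made for a security flaw, the log would also benefit from a pointer to the upstream announcement it quotes.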
diff -r 177e1d7b4568 -r b95d2d68eab9 mail/roundcube/distinfo
--- a/mail/roundcube/distinfo   Tue Dec 23 22:47:01 2008 +0000
+++ b/mail/roundcube/distinfo   Tue Dec 23 23:26:38 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2008/10/02 15:47:15 schmonz Exp $
+$NetBSD: distinfo,v 1.9 2008/12/23 23:26:38 ahoka Exp $
 
-SHA1 (roundcubemail-0.2-beta-dep.tar.gz) = eb37b1000aadcffa9eecb8e01f311906fd7a9bd1
-RMD160 (roundcubemail-0.2-beta-dep.tar.gz) = 76b75b1decbcb5a9250cc413eafb3818fe10353a
-Size (roundcubemail-0.2-beta-dep.tar.gz) = 1126334 bytes
+SHA1 (roundcubemail-0.2-beta2-dep.tar.gz) = 21ddfc98b561348adc859e7b5701bfa050185582
+RMD160 (roundcubemail-0.2-beta2-dep.tar.gz) = 2bac95dff178ab0bc6ea9e0dde1cbacfc642c1b3
+Size (roundcubemail-0.2-beta2-dep.tar.gz) = 1127097 bytes
 SHA1 (patch-aa) = 9e3821f745cfbec7fd2fb2783ff57e570cfd4457
 SHA1 (patch-ab) = 9e81e117952150f363265bbda11cae9eb7d77c08
 SHA1 (patch-ac) = df56f22ca7f5d932bc1b43d1e4b0a1d2f193a24b
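Review bot: The patch-aa, patch-ab and patch-ac checksums in the trailing context are unchanged while the distfile entries above them changed, so please confirm that all three local patches still apply cleanly to roundcubemail-0.2-beta2-dep.tar.gz and do not conflict with the upstream fixes to the html2text script and the quota image. The new SHA1, RMD160 and Size values should also be compared against what upstream publishes for the tarball rather than only regenerated from the downloaded file, since this distfile is the carrier of the security fix.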


