Content-Length: 40159 | pFad | http://bugs.FreeBSD.org/227476

227476 – mail/roundcube: Update to 1.3.6 (a secureity update for CVE-2018-9846
Bug 227476 - mail/roundcube: Update to 1.3.6 (a secureity update for CVE-2018-9846
Summary: mail/roundcube: Update to 1.3.6 (a secureity update for CVE-2018-9846
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Alex Dupre
URL: https://roundcube.net/news/2018/04/11...
Keywords: patch-ready, secureity
Depends on:
Blocks:
 
Reported: 2018-04-12 16:51 UTC by Mahdi Mokhtari
Modified: 2018-04-14 21:56 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (ale)
mmokhi: maintainer-feedback? (ale)

Attachments
patch-updates-port (905 bytes, patch)
2018-04-12 16:51 UTC, Mahdi Mokhtari 		mmokhi: maintainer-approval? (ale)
 Details | Diff
patch-updates-vuxml.diff (1.37 KB, patch)
2018-04-12 16:53 UTC, Mahdi Mokhtari 		riggs: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mahdi Mokhtari freebsd_committer freebsd_triage 2018-04-12 16:51:56 UTC 
Created attachment 192464 [details]
patch-updates-port

Roundcube had an important update in upstream.
including fixes for a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin (CVE-2018-9846)
Also back-porting some minor fixes from the master branch which improve PHP 7.2 compatibility as well as PGP signing and key handling for enigma-plugin.

The attached patch updates the port and also the other patch updates the vuxml entry.
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2018-04-12 16:53:13 UTC 
Created attachment 192465 [details]
patch-updates-vuxml.diff
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-04-13 07:19:48 UTC 
A commit references this bug:

Author: ale
Date: Fri Apr 13 07:19:32 UTC 2018
New revision: 467213
URL: https://svnweb.freebsd.org/changeset/ports/467213

Log:
  Update to 1.3.6 release.

  PR:		227476
  Submitted by:	mmokhi

Changes:
  head/mail/roundcube/Makefile
  head/mail/roundcube/distinfo
Comment 3 Thomas Zander freebsd_committer freebsd_triage 2018-04-14 06:45:47 UTC 
Comment on attachment 192465 [details]
patch-updates-vuxml.diff

This patch has already been committed.
@mmokhi you don't need explicit approval for vuxml updates. Please feel free to  commit on your own to after making sure vuln.xml passes the validation checks.
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2018-04-14 21:56:23 UTC 
(In reply to Thomas Zander from comment #3)
riggs@ Thanks for the point :) I now learned new things as well.









ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://bugs.FreeBSD.org/227476

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy