Subject: CVS commit: pkgsrc/mail/squirrelmail
From: Maya Rashish
Date: 2017-04-19 19:10:18
Message id: 20170419171018.DE9B1FBE4@cvs.NetBSD.org

Log Message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/S … ution.html

patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
bump PKGREVISION

Files:
RevisionActionfile
1.132modifypkgsrc/mail/squirrelmail/Makefile
1.68modifypkgsrc/mail/squirrelmail/distinfo
1.1addpkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php