./mail/squirrelmail, PHP webmail package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2017Q1, Version: 1.4.23pre14605nb1, Package name: squirrelmail-1.4.23pre14605nb1, Maintainer: taca

SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and all
pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility
across browsers. It has very few requirements and is very easy to configure
and install. SquirrelMail has a all the functionality you would want from an
email client, including strong MIME support, address books, and folder
manipulation.


Required to run:
[devel/php-gettext] [lang/perl5]

Required to build:
[pkgtools/cwrappers]

Master sites: (Expand)

SHA1: b0301f777ac5e71b08cd8d718358ce0f3417a21d
RMD160: ee9c4d6bd6975f0134797cfc383821368a140542
Filesize: 544.966 KB

Version history: (Expand)

CVS history: (Expand)


   2017-04-20 20:27:26 by Benny Siegert | Files touched by this commit (3) 
Log message:
Pullup ticket #5333 - requested by maya
mail/squirrelmail: security fix

Revisions pulled up:
- mail/squirrelmail/Makefile                                    1.132
- mail/squirrelmail/distinfo                                    1.68
- mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php 1.1

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Apr 19 17:10:18 UTC 2017

   Modified Files:
           pkgsrc/mail/squirrelmail: Makefile distinfo
   Added Files:
           pkgsrc/mail/squirrelmail/patches:
               patch-class_deliver_Deliver__SendMail.class.php

   Log message:
   squirrelmail: patch remote code execution (CVE-2017-7692)
   separately escape tainted input before feeding it into popen.
   https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html

   patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
   bump PKGREVISION