Path to this page:
Next | Query returned 3 messages, browsing 1 to 10 | previous
CVS Commit History:
2007-12-17 16:38:57 by Geert Hendrickx | Files touched by this commit (4) | |
Log message:
Pullup ticket 2246 - requested by martti
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97
- pkgsrc/mail/squirrelmail/PLIST 1.25
- pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46
- pkgsrc/mail/squirrelmail/options.mk 1.7
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 14 20:44:35 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log message:
Updated mail/squirrelmail to 1.4.13
(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Dec 15 13:58:12 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
Bump PKG_REVISION.
|
2007-12-06 11:36:33 by Geert Hendrickx | Files touched by this commit (2) | |
Log message:
Pullup ticket 2243 - requested by taca
bugfix update for squirrelmail (squirrelmail-japanese option)
- pkgsrc/mail/squirrelmail/distinfo 1.44
- pkgsrc/mail/squirrelmail/options.mk 1.6
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 5 11:25:57 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: distinfo options.mk
Log message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
|
2007-12-05 08:31:14 by Geert Hendrickx | Files touched by this commit (5) | |
Log message:
Pullup ticket 2238 - requested by martti
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.95
- pkgsrc/mail/squirrelmail/PLIST 1.24
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.17
- pkgsrc/mail/squirrelmail/distinfo 1.43
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.14
Module Name: pkgsrc
Committed By: martti
Date: Wed Dec 5 07:11:29 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log message:
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or \
"000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
|
Next | Query returned 3 messages, browsing 1 to 10 | previous