Subject: CVS commit: [pkgsrc-2017Q1] pkgsrc/mail/squirrelmail
From: Benny Siegert
Date: 2017-04-20 20:27:26
Message id: 20170420182726.F375FFBE4@cvs.NetBSD.org

Log Message:
Pullup ticket #5333 - requested by maya
mail/squirrelmail: security fix

Revisions pulled up:
- mail/squirrelmail/Makefile                                    1.132
- mail/squirrelmail/distinfo                                    1.68
- mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php 1.1

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Apr 19 17:10:18 UTC 2017

   Modified Files:
           pkgsrc/mail/squirrelmail: Makefile distinfo
   Added Files:
           pkgsrc/mail/squirrelmail/patches:
               patch-class_deliver_Deliver__SendMail.class.php

   Log Message:
   squirrelmail: patch remote code execution (CVE-2017-7692)
   separately escape tainted input before feeding it into popen.
   https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html

   patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
   bump PKGREVISION

Files:
Revision    Action    File
1.131.4.1   modify    pkgsrc/mail/squirrelmail/Makefile
1.67.4.1    modify    pkgsrc/mail/squirrelmail/distinfo
1.1.2.2     add       pkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php