Subject: CVS commit: pkgsrc/mail/squirrelmail
From: Maya Rashish
Date: 2017-04-19 19:10:18
Message id: 20170419171018.DE9B1FBE4@cvs.NetBSD.org
Log Message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html

patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
bump PKGREVISION
Files:
RevisionActionfile
1.132modifypkgsrc/mail/squirrelmail/Makefile
1.68modifypkgsrc/mail/squirrelmail/distinfo
1.1addpkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php