Subject: CVS commit: [pkgsrc-2018Q1] pkgsrc/mail
From: S.P.Zeidler
Date: 2018-05-06 10:40:13
Message id: 20180506084013.F2F80FBEC@cvs.NetBSD.org

Log Message:
Pullup ticket #5739 - requested by bsiegert
mail/roundcube: security update
mail/roundcube-plugin-enigma: security update
mail/roundcube-plugin-password: security update
mail/roundcube-plugin-zipdownload: security update

Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo                         1.8
- mail/roundcube-plugin-password/distinfo                       1.8
- mail/roundcube-plugin-zipdownload/distinfo                    1.8
- mail/roundcube/Makefile.common                                1.8
- mail/roundcube/distinfo                                       1.59

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Mon Apr 23 13:55:00 UTC 2018

   Modified Files:
            pkgsrc/mail/roundcube: Makefile.common distinfo
            pkgsrc/mail/roundcube-plugin-enigma: distinfo
            pkgsrc/mail/roundcube-plugin-password: distinfo
            pkgsrc/mail/roundcube-plugin-zipdownload: distinfo

   Log Message:
   mail/roundcube: update to 1.2.8

   This is a security update to the stable version 1.2.  It fixes a recently
   reported vulnerability allowing IMAP command injection via a GET parameter.
   More details about this are published under CVE-2018-9846.

   The second fix is about a missed remote content blocking on HTML messages
   with specially crafted image and style tags.

   We strongly recommend updating all production installations of Roundcube
   1.2.x.  Please do back up your data before updating!

   CHANGELOG

   * Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
      (#6238)

   * Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)

   * Fix security issue in remote content blocking on HTML image and style tags
      (#6178)

   To generate a diff of this commit:
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube/Makefile.common
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/roundcube/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-enigma/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-password/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo

Files:
Revision    Action    File
1.7.4.1     modify    pkgsrc/mail/roundcube/Makefile.common
1.58.4.1    modify    pkgsrc/mail/roundcube/distinfo
1.7.4.1     modify    pkgsrc/mail/roundcube-plugin-enigma/distinfo
1.7.4.1     modify    pkgsrc/mail/roundcube-plugin-password/distinfo
1.7.4.1     modify    pkgsrc/mail/roundcube-plugin-zipdownload/distinfo