Created attachment 191714: Update and security fix for squirrelmail
The Squirrelmail (mail/squirrelmail) port contains a security flaw which could allow users to access files on the server's file system. See CVE-2018-8741 discussed here: http://www.openwall.com/lists/oss-security/2018/03/17/2
The attached patch updates the Squirrelmail port to address the security hole. Basically it just includes the new patch provided by Openwall and bumps the port's revision number.
I think this patch is correct. Thanks for your work!
(In reply to Zsolt Udvari from comment #1) My pleasure. I've now tested the patched package on two servers and it's working ok for me.
Created attachment 192200: Update to 20180404, fix CVE
The squirrelmail codebase is updated, see https://sourceforge.net/p/squirrelmail/code/14751.
Comment on attachment 191714: Update and security fix for squirrelmail
The newer patch obsoletes this.
A commit references this bug:
Author: mat
Date: Thu May 3 12:42:48 UTC 2018
New revision: 468923
URL: https://svnweb.freebsd.org/changeset/ports/468923
Log:
  Update to 20180404.
  PR: 226831
  Submitted by: maintainer
  MFH: 2018Q2
  Security: CVE-2018-8741
  Sponsored by: Absolight
Changes:
  head/mail/squirrelmail/Makefile
  head/mail/squirrelmail/distinfo
A commit references this bug:
Author: mat
Date: Mon May 7 10:47:30 UTC 2018
New revision: 469283
URL: https://svnweb.freebsd.org/changeset/ports/469283
Log:
  MFH: r468923
  Update to 20180404.
  PR: 226831
  Submitted by: maintainer
  Security: CVE-2018-8741
  Sponsored by: Absolight
Changes:
  _U branches/2018Q2/
  branches/2018Q2/mail/squirrelmail/Makefile
  branches/2018Q2/mail/squirrelmail/distinfo