Bug 214925

Summary: mail/roundcube: Update to 1.2.3 (Fixes security vulnerability)
Product: Ports & Packages Reporter: Bernard Spil <brnrd>
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Many People CC: junovitch, pierre, ports-secteam
Priority: --- Keywords: patch, patch-ready, security
Version: LatestFlags: bugzilla: maintainer-feedback? (ale)
junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
svn diff for mail/roundcube none

Description Bernard Spil freebsd_committer freebsd_triage 2016-11-29 09:01:47 UTC
mail/roundcube: Update to 1.2.3

  - Update to 1.2.3
    - Fix arbitrary command execution vulnerability

PR:
Security: 125f5958-b611-11e6-a9a5-b499baebfeaf
Comment 1 Bernard Spil freebsd_committer freebsd_triage 2016-11-29 09:02:18 UTC
Created attachment 177504 [details]
svn diff for mail/roundcube
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-11-29 10:19:55 UTC
Author: brnrd
Date: Tue Nov 29 08:55:55 2016
New Revision: 427367
URL: https://svnweb.freebsd.org/changeset/ports/427367

Log:
  security/vuxml: Document Roundcube vulnerability

Modified:
  head/security/vuxml/vuln.xml
Comment 3 Pierre Guinoiseau 2016-12-02 22:48:34 UTC
Can somebody commit the patch please?
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-12-04 21:02:13 UTC
A commit references this bug:

Author: junovitch
Date: Sun Dec  4 21:01:17 UTC 2016
New revision: 427802
URL: https://svnweb.freebsd.org/changeset/ports/427802

Log:
  mail/roundcube: update 1.2.2 -> 1.2.3; add NO_ARCH while here

  Changes:	https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123

  PR:		214925
  Submitted by:	brnrd
  Approved by:	ports-secteam (with hat)
  Security:	https://vuxml.FreeBSD.org/freebsd/125f5958-b611-11e6-a9a5-b499baebfeaf.html
  MFH:		2016Q4
  X-MFH-With:	r423243, r423250, r423479

Changes:
  head/mail/roundcube/Makefile
  head/mail/roundcube/distinfo
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-12-04 21:04:24 UTC
A commit references this bug:

Author: junovitch
Date: Sun Dec  4 21:03:15 UTC 2016
New revision: 427804
URL: https://svnweb.freebsd.org/changeset/ports/427804

Log:
  MFH: r423243 r423250 r423479 r427802

  mail/roundcube: Update to 1.2.1

    - Update to 1.2.1
    - Add missing .htaccess file in WWWDIR [1]
    - Switch WANT_PHP_WEB to USES= php:web
    - Add description for DB options group
    - Convert all ${PORT_OPTIONS:Mfoo} to OPTIONS framework
    - Convert target conditionals to target-OPT-on

  PR:		196016 [1]
  Submitted by:	Lukasz Wasikowski <lukasz@wasikowski.net> [1]
  Approved by:	Maintainer timeout

  mail/roundcube: fix dependency when using SQLite, bump PORTREVISION

  mail/roundcube: 1.2.1 -> 1.2.2

  PR:		196026
  Changes:	https://github.com/roundcube/roundcubemail/wiki/Changelog#release-122
  Submitted by:	brnrd
  Approved by:	ale (maintainer timeout)

  mail/roundcube: update 1.2.2 -> 1.2.3; add NO_ARCH while here

  Changes:	https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123

  PR:		214925
  Submitted by:	brnrd
  Security:	https://vuxml.FreeBSD.org/freebsd/125f5958-b611-11e6-a9a5-b499baebfeaf.html

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/mail/roundcube/Makefile
  branches/2016Q4/mail/roundcube/distinfo
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2016-12-04 21:05:27 UTC
Update committed and MFH'd to quarterly.
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-12-14 03:12:35 UTC
A commit references this bug:

Author: junovitch
Date: Wed Dec 14 03:12:28 UTC 2016
New revision: 428543
URL: https://svnweb.freebsd.org/changeset/ports/428543

Log:
  Update Roundcube entry with CVE and Bugtraq ID and switch to more detailed
  Mitre verbiage.

  PR:		214925
  Security:	CVE-2016-9920
  Security:	https://vuxml.FreeBSD.org/freebsd/125f5958-b611-11e6-a9a5-b499baebfeaf.html

Changes:
  head/security/vuxml/vuln.xml