Bug 227476
| Summary: | mail/roundcube: Update to 1.3.6 (a security update for CVE-2018-9846 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Mahdi Mokhtari <mmokhi> | ||||||
| Component: | Individual Port(s) | Assignee: | Alex Dupre <ale> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Some People | CC: | ale, feld, ports-secteam, riggs | ||||||
| Priority: | --- | Keywords: | patch-ready, security | ||||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(ale) mmokhi: maintainer-feedback? (ale) |
||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | https://roundcube.net/news/2018/04/11/security-update-1.3.6 | ||||||||
| Attachments: |
|
||||||||
Created attachment 192465 [details]
patch-updates-vuxml.diff
A commit references this bug: Author: ale Date: Fri Apr 13 07:19:32 UTC 2018 New revision: 467213 URL: https://svnweb.freebsd.org/changeset/ports/467213 Log: Update to 1.3.6 release. PR: 227476 Submitted by: mmokhi Changes: head/mail/roundcube/Makefile head/mail/roundcube/distinfo Comment on attachment 192465 [details]
patch-updates-vuxml.diff
This patch has already been committed.
@mmokhi you don't need explicit approval for vuxml updates. Please feel free to commit on your own to after making sure vuln.xml passes the validation checks.
(In reply to Thomas Zander from comment #3) riggs@ Thanks for the point :) I now learned new things as well. |
Created attachment 192464 [details] patch-updates-port Roundcube had an important update in upstream. including fixes for a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin (CVE-2018-9846) Also back-porting some minor fixes from the master branch which improve PHP 7.2 compatibility as well as PGP signing and key handling for enigma-plugin. The attached patch updates the port and also the other patch updates the vuxml entry.