Bug 274520

Summary:

mail/roundcube: Security update to 1.6.4

Product:

Ports & Packages

Reporter:

Fabian Wenk <fabian>

Component:

Individual Port(s)

Assignee:

Alex Dupre <ale>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

FreeBSD, fabian

Priority:

---

Keywords:

patch, security

Version:

Latest

Flags:

bugzilla: maintainer-feedback? (ale)

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
git diff for mail/roundcube to 1.6.4	none

Description Fabian Wenk 2023-10-16 20:03:49 UTC

Created attachment 245685 [details]
git diff for mail/roundcube to 1.6.4

https://roundcube.net/news/2023/10/16/security-update-1.6.4-released

Patch tested on FreeBSD 12.4 with PHP 8.1 (incl. contextmenu, carddav and managesieve).

Comment 1 commit-hook freebsd_committer

2023-10-17 13:22:00 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f45b7f2ad708d085a77bbad543650c75aff42376

commit f45b7f2ad708d085a77bbad543650c75aff42376
Author:     Alex Dupre <ale@FreeBSD.org>
AuthorDate: 2023-10-17 13:19:58 +0000
Commit:     Alex Dupre <ale@FreeBSD.org>
CommitDate: 2023-10-17 13:21:43 +0000

    mail/roundcube: update to 1.6.4 release

    Enable support for PHP 8.2.

    PR:             274520
    Submitted by:   Fabian Wenk <fabian@wenks.ch>

 mail/roundcube/Makefile | 4 ++--
 mail/roundcube/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comment 2 Jørn Åne de Jong 2023-11-10 13:13:17 UTC

Quarterly is affected by the same CVE (CVE-2023-5631).
Recommend patching or updating the quarterly package as well.

Release 1.6.4 does have more changes than only resolving the security issue [1].

[1] https://github.com/roundcube/roundcubemail/releases/tag/1.6.4