Date: Mon, 08 Nov 2004 10:32:13 +0000
From: Simon Dick <simond@home.irrelevant.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/73667: Maintainer port update: mail/squirrelmail
Message-ID: <E1CR6on-000H9L-9T@home.irrelevant.org>
Resent-Message-ID: <200411081040.iA8AeT2A008565@freefall.freebsd.org>
>Number: 73667 >Category: ports >Synopsis: Maintainer port update: mail/squirrelmail >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Nov 08 10:40:29 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Simon Dick >Release: FreeBSD 4.9-RELEASE-p1 i386 >Organization: >Environment: System: FreeBSD nelly.internal.irrelevant.org 4.9-RELEASE-p1 FreeBSD 4.9-RELEASE-p1 #5: Sat Feb 7 07:48:58 GMT 2004 root@nelly.internal.irrelevant.org:/usr/obj/usr/src/sys/ELEPHANT i386 >Description: Fix for XSS scripting flaw >How-To-Repeat: >Fix: diff -ruN /usr/ports/mail/squirrelmail/Makefile squirrelmail/Makefile --- /usr/ports/mail/squirrelmail/Makefile Wed Nov 3 09:04:51 2004 +++ squirrelmail/Makefile Mon Nov 8 10:29:56 2004 @@ -7,7 +7,7 @@ PORTNAME= squirrelmail PORTVERSION?= 1.4.3a -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES?= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= squirrelmail diff -ruN /usr/ports/mail/squirrelmail/files/patch-sm143a-xss.diff squirrelmail/files/patch-sm143a-xss.diff --- /usr/ports/mail/squirrelmail/files/patch-sm143a-xss.diff Thu Jan 1 01:00:00 1970 +++ squirrelmail/files/patch-sm143a-xss.diff Mon Nov 8 10:29:15 2004 
@@ -0,0 +1,28 @@ +diff -urN functions/mime.php functions/mime.php +--- functions/mime.php 2004-05-23 19:14:11.000000000 +0300 ++++ functions/mime.php 2004-11-03 19:16:50.000000000 +0200 +@@ -602,13 +602,22 @@ + } + $iLastMatch = $i; + $j = $i; +- $ret .= $res[1]; ++ if ($htmlsave) { ++ $ret .= htmlspecialchars($res[1]); ++ } else { ++ $ret .= $res[1]; ++ } + $encoding = ucfirst($res[3]); + switch ($encoding) + { + case 'B': + $replace = base64_decode($res[4]); +- $ret .= charset_decode($res[2],$replace); ++ if ($utfencode) { ++ $replace = charset_decode($res[2],$replace); ++ } elseif ($htmlsave) { ++ $replace = htmlspecialchars($replace); ++ } ++ $ret .= $replace; + break; + case 'Q': + $replace = str_replace('_', ' ', $res[4]); >Release-Note: >Audit-Trail: >Unformatted:
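Review bot: In the 'B' case of the functions/mime.php hunk, htmlspecialchars() is skipped whenever $utfencode is true, because the "elseif ($htmlsave)" arm only runs when charset_decode() was not called. The fix therefore relies on charset_decode($res[2],$replace) returning HTML-safe output, which none of the visible lines show. Please add a comment stating that guarantee, or restructure the branch so that the $htmlsave requirement is visibly met on both paths. When both $utfencode and $htmlsave are false the base64-decoded value is appended to $ret unescaped; if that is intended for non-HTML callers, a one-line comment saying so would help. The hunk also ends with "case 'Q':" and "$replace = str_replace('_', ' ', $res[4]);" as unchanged context, so it is not visible whether Q-encoded words receive the same escaping as the B branch; worth confirming before commit. Finally, the >Description field only says "Fix for XSS scripting flaw"; a pointer to the upstream patch or advisory this file was taken from would make the PORTREVISION bump easier to audit.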