CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2015/12/27 15:13:56
Modified files:
mail/roundcubemail: Tag: OPENBSD_5_8 Makefile distinfo
mail/roundcubemail/pkg: Tag: OPENBSD_5_8 PLIST README
Removed files:
mail/roundcubemail/patches: Tag: OPENBSD_5_8
patch-program_lib_Roundcube_bootstrap_php
Log message:
MFC update to roundcubemail-1.1.4, fixes potential path traversal vulnerability
https://www.htbridge.com/advisory/HTB23283 "Although the vulnerability is not
fully disclosed yet, the attack scenario requires an active Roundcube account
as well as write privileges on the same host Roundcube is served from (without
open_basedir protection)." Also adds protection against brute-force attacks.
http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.4
