[Bug 223547] mail/roundcube: Update to 1.3.3, fixes security vulnerability (CVE-2017-16651)

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223547

            Bug ID: 223547
           Summary: mail/roundcube: Update to 1.3.3, fixes security
                    vulnerability (CVE-2017-16651)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://roundcube.net/news/2017/11/08/security-updates
                    -1.3.3-1.2.7-and-1.1.10
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ale at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
          Assignee: ale at FreeBSD.org
             Flags: maintainer-feedback?(ale at FreeBSD.org),
                    merge-quarterly?

Created attachment 187870
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187870&action=edit
Update roundcube to 1.3.3

A security vulnerability has been discovered in Roundcube, and "... is already
being used by hackers to read Roundcube’s configuration files. It requires a
valid username/password as the exploit only works with a valid session. More
details will be published soon under CVE-2017-16651."

* https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10

Attached is a version bump patch. Builds with Poudriere, 11.1, amd64.

VuXML entry pending.

-- 
You are receiving this mail because:
You are the assignee for the bug.