security update to roundcubemail-1.4.4

Security fixes: - Cross-Site Scripting (XSS) via malicious HTML content - CSRF attack can cause an authenticated user to be logged out - Remote code execution via crafted config options - Path traversal vulnerability allowing local file inclusion via crafted 'plugins' option The latter two vulnerabilities are classified minor because they only affect Roundcube installations with public access to the Roundcube installer. That’s generally a high-risk situation and is expected to be rare or practically non-existent in productive Roundcube deployments. However, the fixes are done in core in order to also prevent from future and yet unknown attack vectors. Changelog at https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
2020-04-29 23:15:11 +00:00 · 2020-04-29 23:15:11 +00:00 · 218211c334
commit 218211c334
parent 1633e6aa1f
2 changed files with 4 additions and 4 deletions
--- a/mail/roundcubemail/Makefile
+++ b/mail/roundcubemail/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.149 2020/03/22 18:13:36 naddy Exp $
+# $OpenBSD: Makefile,v 1.150 2020/04/29 23:15:11 sthen Exp $

 COMMENT=	imap4 webmail client

-V=		1.4.3
+V=		1.4.4
 DISTNAME=	roundcubemail-$V
 PKGNAME=	roundcubemail-${V:S/-rc/rc/}
 EXTRACT_SUFX=	-complete.tar.gz
--- a/mail/roundcubemail/distinfo
+++ b/mail/roundcubemail/distinfo
@ -1,2 +1,2 @@
-SHA256 (roundcubemail-1.4.3-complete.tar.gz) = JPJQKJ+WGBOiItDLjhRJ3JWwYFM0sv1NRGjs2W5OVL8=
-SIZE (roundcubemail-1.4.3-complete.tar.gz) = 7028284
+SHA256 (roundcubemail-1.4.4-complete.tar.gz) = K4kjg2oPg/mAb//G36JFcFlooABd6rZsEFZXDq4Rx9c=
+SIZE (roundcubemail-1.4.4-complete.tar.gz) = 7029864