9eab8f48a7
"Apparently this zero-day exploit is already being used by hackers to read Roundcube’s configuration files. It requires a valid username/password as the exploit only works with a valid session. More details will be published soon under CVE-2017-16651. In order to check whether your Roundcube installation has been compromised check the access logs for requests like ?_task=settings&_action=upload-display&_from=timezone As mentioned above, the file disclosure only works for authenticated users and by finding such requests in the logs you should also be able to identify the account used for this unauthorized access. For mitigation we recommend to change the all credentials to external services like database or LDAP address books and preferably also the 'des_key' option in your config."
Documentation for the ports tree: ports(7), packages(7), mirroring-ports(7),
library-specs(7), bsd.port.mk(5), bsd.port.arch.mk(5), port-modules(5).
dpb(1), bulk(8) (manpages under ${PORTSDIR}/infrastructure/man) for bulk builds.
See also the OpenBSD Porter's Handbook http://www.openbsd.org/faq/ports/
$OpenBSD: README,v 1.22 2016/10/17 16:26:52 danj Exp $