---
- branch: pkgsrc-2019Q2
  date: Fri Aug  9 12:38:43 UTC 2019
  files:
  - new: 1.136.2.1
    old: '1.136'
    path: pkgsrc/mail/squirrelmail/Makefile
    pathrev: pkgsrc/mail/squirrelmail/Makefile@1.136.2.1
    type: modified
  - new: 1.41.20.1
    old: '1.41'
    path: pkgsrc/mail/squirrelmail/PLIST
    pathrev: pkgsrc/mail/squirrelmail/PLIST@1.41.20.1
    type: modified
  - new: 1.70.10.1
    old: '1.70'
    path: pkgsrc/mail/squirrelmail/distinfo
    pathrev: pkgsrc/mail/squirrelmail/distinfo@1.70.10.1
    type: modified
  id: 20190809T123843Z.af50c99244ef2b4c2444e8ea3850eb7def14b183
  log: "Pullup ticket #6012 - requested by taca\nmail/squirrelmail: security fix\n\nRevisions
    pulled up:\n- mail/squirrelmail/Makefile                                    1.137\n-
    mail/squirrelmail/PLIST                                       1.42\n- mail/squirrelmail/distinfo
    \                                   1.71\n\n---\n   Module Name:\tpkgsrc\n   Committed
    By:\ttaca\n   Date:\t\tWed Jul 24 03:49:35 UTC 2019\n\n   Modified Files:\n   \tpkgsrc/mail/squirrelmail:
    Makefile PLIST distinfo\n\n   Log Message:\n   mail/squirrelmail: update to 1.4.23pre14832\n\n
    \  Update squirrelmail to 1.4.23pre14832.\n\n   - Changed anti-CSRF security token
    lifetime to be session-based.\n   - Added favicon and ability for admins to use
    their own by setting\n     $head_tag_extra in config_local.php (see documented
    comments in,\n     for example, src/webmail.php)\n   - Altered hook types \"do_hook_function\"
    and \"concat_hook_function\"\n     such that the ultimate hook return value (in
    its current state,\n     as computed (or not) by the plugins that have executed
    previously)\n     is both globalized and passed as an additional argument to each\n
    \    plugin.  This allows plugins to cooperate better and not overwrite\n     each
    other's return values.\n   - Updated SVG handling, closing several related vulnerabilities\n
    \    (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]\n     [CVE-2018-14953]
    [CVE-2018-14954] [CVE-2018-14955]\n   - Added IMAP ID command (RFC2971), sent
    after every login - use\n     by setting $imap_id_command_args in config/config_local.php\n
    \    (see notes in functions/imap_general.php for more details)\n   - Fixed PHP7
    warnings (#2847)\n   - Added handling for RCDATA and RAWTEXT elements in HTML
    sanitizer\n     [CVE-2019-12970]\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2019Q2] pkgsrc/mail/squirrelmail'
  unixtime: '1565354323'
  user: bsiegert