Pullup ticket #6302 - requested by taca
mail/roundcube: security fix

Revisions pulled up:
- mail/roundcube-plugin-password/distinfo                      1.21
- mail/roundcube/Makefile.common                                1.21
- mail/roundcube/distinfo                                      1.72

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon Aug 10 22:30:41 UTC 2020

  Modified Files:
  pkgsrc/mail/roundcube: Makefile.common distinfo
  pkgsrc/mail/roundcube-plugin-password: distinfo

  Log Message:
  mail/roundcube: update to 1.4.8

  Update roundcube to 1.4.8, security release.

  RELEASE 1.4.8
  -------------
  - Security: Fix potential XSS issue in HTML editor of the identity signature input (#7507)
  - Managesieve: Fix too-small input field in Elastic when using custom headers (#7498)
  - Fix support for an error as a string in message_before_send hook (#7475)
  - Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500)
  - Elastic: Fix deleted and replied+forwarded icons on messages list (#7503)
  - Managesieve: Allow angle brackets in out-of-office message body (#7518)
  - Fix bug in conversion of email addresses to mailto links in plain text messages (#7526)
  - Fix format=flowed formatting on plain text part derived from the HTML content (#7504)
  - Fix incorrect rewriting of internal links in HTML content (#7512)
  - Fix handling links without defined protocol (#7454)
  - Fix paging of search results on IMAP servers with no SORT capability (#7462)
  - Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525)
  - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
  - Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content

(bsiegert)