rpms/roundcubemail/F-12 roundcubemail-0.3.1-CVE-2010-0464.patch, NONE, 1.1 roundcubemail.spec, 1.27, 1.28 sources, 1.14, 1.15
Jon Ciesla
limb at fedoraproject.org
Mon Feb 1 18:40:48 UTC 2010
- Previous message: rpms/roundcubemail/F-11 roundcubemail-0.3.1-CVE-2010-0464.patch, NONE, 1.1 roundcubemail.spec, 1.25, 1.26 sources, 1.14, 1.15
- Next message: rpms/sylpheed/devel .cvsignore, 1.44, 1.45 import.log, 1.2, 1.3 sources, 1.44, 1.45 sylpheed.spec, 1.104, 1.105
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: limb
Update of /cvs/pkgs/rpms/roundcubemail/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12257/F-12
Modified Files:
roundcubemail.spec sources
Added Files:
roundcubemail-0.3.1-CVE-2010-0464.patch
Log Message:
CVE-2010-0464.
roundcubemail-0.3.1-CVE-2010-0464.patch:
rcube_html_page.php | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- NEW FILE roundcubemail-0.3.1-CVE-2010-0464.patch ---
--- program/include/rcube_html_page.php~ 2009-06-22 11:20:34.000000000 -0500
+++ program/include/rcube_html_page.php 2010-02-01 12:21:44.000000000 -0600
@@ -164,7 +164,13 @@
$__page_header.= ' content="text/html; charset=';
$__page_header.= $this->charset . '" />'."\n";
}
-
+ // add hint to disable DNS prefetching
+ if (!headers_sent()) {
+ header('X-DNS-Prefetch-Control: off');
+ } else {
+ $__page_header.= '<meta http-equiv="x-dns-prefetch-control" content="off" />'."\n";
+ }
+
// definition of the code to be placed in the document header and footer
if (is_array($this->script_files['head'])) {
foreach ($this->script_files['head'] as $file) {
Index: roundcubemail.spec
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/F-12/roundcubemail.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- roundcubemail.spec 22 Oct 2009 15:25:54 -0000 1.27
+++ roundcubemail.spec 1 Feb 2010 18:40:48 -0000 1.28
@@ -1,14 +1,14 @@
%define roundcubedir %{_datadir}/roundcubemail
%global _logdir /var/log
Name: roundcubemail
-Version: 0.3
+Version: 0.3.1
Release: 2%{?dist}
Summary: Round Cube Webmail is a browser-based multilingual IMAP client
Group: Applications/System
License: GPLv2
URL: http://www.roundcube.net
-Source0: roundcubemail-%{version}-stable-dep.tar.gz
+Source0: roundcubemail-%{version}-dep.tar.gz
Source1: roundcubemail.conf
Source2: roundcubemail.logrotate
Source4: roundcubemail-README.fedora
@@ -19,6 +19,7 @@ Patch0: roundcubemail-0.2-beta-confpath.
#Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch
#Patch3: roundcubemail-0.2-CVE-2009-0413.patch
Patch4: roundcubemail-0.2-stable-pg-mdb2.patch
+Patch5: roundcubemail-0.3.1-CVE-2010-0464.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n)
@@ -46,13 +47,14 @@ requires the MySQL database or the Postg
interface is fully skinnable using XHTML and CSS 2.
%prep
-%setup -q -n roundcubemail-0.3-stable-dep
+%setup -q -n roundcubemail-%{version}-dep
%patch0 -p0
#%patch1 -p0
#%patch2 -p0
#%patch3 -p0
%patch4 -p0
+%patch5 -p0
# fix permissions and remove any .htaccess files
find . -type f -print | xargs chmod a-x
@@ -144,6 +146,12 @@ exit 0
%config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail
%changelog
+* Mon Feb 01 2010 Jon Ciesla <limb at jcomserv.net> = 0.3.1-2
+- Patch to fix CVE-2010-0464, BZ 560143.
+
+* Mon Nov 30 2009 Jon Ciesla <limb at jcomserv.net> = 0.3.1-1
+- New upstream.
+
* Thu Oct 22 2009 Jon Ciesla <limb at jcomserv.net> = 0.3-2
- Macro fix, BZ530037.
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/F-12/sources,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- sources 23 Sep 2009 15:15:34 -0000 1.14
+++ sources 1 Feb 2010 18:40:48 -0000 1.15
@@ -1 +1 @@
-f574e0c1f22194c752f5ae415a90d6cc roundcubemail-0.3-stable-dep.tar.gz
+ad8e3ba04b53e488547f643076722aa5 roundcubemail-0.3.1-dep.tar.gz
- Previous message: rpms/roundcubemail/F-11 roundcubemail-0.3.1-CVE-2010-0464.patch, NONE, 1.1 roundcubemail.spec, 1.25, 1.26 sources, 1.14, 1.15
- Next message: rpms/sylpheed/devel .cvsignore, 1.44, 1.45 import.log, 1.2, 1.3 sources, 1.44, 1.45 sylpheed.spec, 1.104, 1.105
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list