Number of commits found: 10

Remove www/horde2 & mail/imp3 and resurrect www/horde & mail/imp.

PR:             ports/75434
Submitted by:   /me.

Upgrade to 3.2.6.

Changes in this release:
    - SECURITY: Removed tags with -moz-binding: styles in the HTML MIME viewer.
    - SECURITY: Removed scripts from <base> tags in the HTML MIME viewer.
    - SECURITY: Removed scripts from obfuscated "on..." attributes in the HTML
      MIME viewer.
    - Updated translations: Slovak and Slovenian.

The script vulnerabilities can only be exposed with certain browsers and allow
XSS attacks when viewing HTML messages with the HTML MIME viewer.

Approved by:    portmgr (marcus)

- SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
  reported in http://www.greymagic.com/security/advisories/gm005-mc/.
  This vulnerability only exists when using the Internet Explorer to
  access IMP and only when using the inline MIME viewer for HTML messages.

- Commented out the complete <style> tags in the HTML viewer to avoid CSS
  code appearing in the message.

- Fixed a cosmetic issue with broken mail servers that return quotes where
  they should not (Bug #292).  <- edwin ;-)

- Updated translations: Estonian, German.

Changes in this release:
    - SECURITY: Close an XSS hole exploited via the Content-type header
      of malicious emails.
    - Fix conversion of folder names in some non-ascii charsets with buggy
      iconv implementations.
    - Filter out <base> tags when viewing HTML messages (Bug #10).
    - Encode subject when saving as draft.

Upgrading to IMP 3.2.3.

The full list of changes (from version 3.2.2) can be viewed here:
<http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.94&r2=1.389.2.101&ty=h>.

PR:             ports/63855.
Submitted by:   maintainer.
Approved by:    mat (mentor).

mail/imp3: upgrading to 3.2.2 - includes security fixes.

        Upgrading to the latests stable release. This includes
        several security fixes.

        The full list of changes (from 3.2.1) can be viewed here:
       
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.83&;r2=1.389.2.94&ty=h

PR:             ports/56099
Submitted by:   Thierry Thomas <thierry@pompo.net>

mail/imp3: upgrading to IMP 3.2.

        - Several workarounds for buggy browser behaviour when downloading
          attachments
        - Warning before a user session times out
        - Allow creation of folder names in other charsets than iso-8859-1
        - New image mime type viewer
        - VFS (Virtual Filesystem) support for attachments in composed messages
        - New translations: Bulgarian, Lithuanian, Romanian, Latvian, Catalan
        - Many bug fixes.

PR:             ports/48645
Submitted by:   Thierry Thomas <thierry@pompo.net>

Update to 3.1 final, bump PORTREVISION.

PR:             39173
Submitted by:   maintainer

Update to RC3.

PR:             38263
Submitted by:   maintainer

Upgrade to 3.1 RC2.
PR:     ports/36906
Submitted by:   maintainer

Number of commits found: 10

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities