openSUSE-SU-2017:0488-1

Описание

postfixadmin was updated to 3.0.2 to fix the following issues:

• PostfixAdmin 3.0.2:

  • SECURITY: don't allow to delete protected aliases (CVE-2017-5930, boo#1024211)
  • fix VacationHandler for PostgreSQL
  • AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with lots of mailboxes
  • allow switching between dovecot:* password schemes while still accepting passwords hashed using the previous dovecot:* scheme
  • FetchmailHandler: use a valid date as default for 'date'
  • fix date formatting in non-english languages when using PostgreSQL
  • various small fixes

• PostfixAdmin 3.0:

  • add sqlite backend option
  • add configurable smtp helo (CONF['smtp_client'])
  • new translation: ro (Romanian)
  • language update: tw, cs, de
  • fix escaping in gen_show_status() (could be used to DOS list-virtual by creating a mail address with special chars)
  • add CSRF protection for POST requests
  • list.tpl: base edit/editactive/delete links in list.tpl on $RAW_item to avoid double escaping, and fix some corner cases
  • fix db_quota_text() for postgresql (concat() vs. ||)
  • change default date for 'created' and 'updated' columns from 0000-00-00 (which causes problems with MySQL strict mode) to 2000-01-01
  • allow punicode even in TLDs
  • update Smarty to 3.1.29
  • add checks to login.php and cli to ensure database layout is up to date
  • whitelist '-1' as valid value for postfixadmin-cli
  • don't stripslashes() the password in pacrypt
  • various small bugfixes