Update of irc/ratbox-services port from ratbox-services-1.2.0 to ratbox-services-1.2.1
A security vulnerability was discovered in ratbox-services' email sub-system that is responsible for sending emails to people. By exploiting an unquoted string, it was possible to inject SQL code into the ratbox-services application.
A workaround for this problem is to disable the email sub-system until any vulnerable versions can be upgraded. The problem is fixed by the new release (1.2.1).
The ratbox developers have done a code audit, which does not seem to indicate any other potential problems, though they will be looking at implementing some additional checks in future branches (1.3.x) to further reduce the chances of such exploits.
The new release also includes a fix for pcre header and lib detection. It also notes that multi-language functionality works but may cause some translation string warning messages, meaning some of the RU strings will remain in English.
— posted by Moggie