Accepted:
OK: squirrelmail_1.4.6-1ubuntu0.1.dsc
-> Component: universe Section: web
OK: squirrelmail_1.4.6-1ubuntu0.1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 May 2007 13:02:10 -0600
Source: squirrelmail
Binary: squirrelmail
Architecture: source
Version: 2:1.4.6-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Leonel Nunez <[EMAIL PROTECTED]>
Description:
squirrelmail - Webmail for nuts
Changes:
squirrelmail (2:1.4.6-1ubuntu0.1) dapper-security; urgency=low
.
* SECURITY UPDATE: XSS and CSRF in various areas, local file inclusion,
variable overwriting.
* src/compose.php, src/right_main.php, src/login.php, src/mailto.php,
src/redirect.php, src/webmail.php, src/mime.php: back-ported fixes for
XSS in compose, draft and HTML mail. (CVE-2006-6142)
http://www.squirrelmail.org/security/issue/2006-12-02
* fuctions/mime.php, src/compose.php, src/view_text.php: back-ported fixes
for XSS in HTML filter (CVE-2007-1262)
http://www.squirrelmail.org/security/issue/2007-05-09
* functions/global.php: back-ported fixes for local file inclusion.
(CVE-2006-2842)
http://www.squirrelmail.org/security/issue/2006-06-01
* functions/auth.php, src/compose.php, src/login.php, src/redirect.php,
src/webmail.php: back-ported fixes for variable overwriting.
(CVE-2006-4019)
http://www.squirrelmail.org/security/issue/2006-08-11
Files:
722a2743d744a0f5c020d45e578f3086 692 web optional
squirrelmail_1.4.6-1ubuntu0.1.dsc
05085435e393ce53beed36a8224dc0ed 26912 web optional
squirrelmail_1.4.6-1ubuntu0.1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGS5MbH/9LqRcGPm0RAqUTAJ0QNzpAfZbD+v0asfYtOfdckCYbewCdHl7V
PEcHD1rT5S9wHe2LJzEUmv4=
=gsV6
-----END PGP SIGNATURE-----
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes
