Your message dated Fri, 03 Jul 2009 19:54:12 +0000
with message-id <[email protected]>
and subject line Bug#528528: fixed in squirrelmail 2:1.4.9a-4
has caused the Debian Bug report #528528,
regarding [squirrelmail] Please bring latest security-fix release 1.4.18
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
528528: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528528
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: squirrelmail
Version: 2:1.4.15-4
Severity: normal
Tags: security
X-Debbugs-CC: [email protected]
ANNOUNCE: SquirrelMail 1.4.18 Released
May 12, 2009 by Paul Lesniewski
The SquirrelMail Team is pleased to announce the release of
SquirrelMail version 1.4.18. The most notable changes for this version
are several security fixes, including a couple XSS exploits, a session
fixation issue, and an obscure but dangerous server-side code execution
hole. However, this version also includes three new languages and more
than a few enhancements to things such as the filters plugin, the
address book system and other things under the hood. For more complete
details, see the ReleaseNotes and ChangeLog files included in this
release (they have moved to the doc/ directory). We advise all users of
SquirrelMail software to upgrade. You can download it here.
See also http://www.securityfocus.com/bid/34916/info
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.26-1-486
Debian Release: squeeze/sid
990 testing security.debian.org
990 testing ftp.be.debian.org
500 unstable www.emdebian.org
500 unstable www.debian-multimedia.org
500 unstable sidux.net
500 unstable ftp.be.debian.org
500 unstable debian.jones.dk
500 stable www.debian-multimedia.org
500 stable security.debian.org
1 experimental ftp.be.debian.org
--- Package information. ---
Package's Depends field is empty.
Package's Recommends field is empty.
Package's Suggests field is empty.
--- End Message ---
--- Begin Message ---
Source: squirrelmail
Source-Version: 2:1.4.9a-4
We believe that the bug you reported is fixed in the latest version of
squirrelmail, which is due to be installed in the Debian FTP archive:
squirrelmail_1.4.9a-4.diff.gz
to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4.diff.gz
squirrelmail_1.4.9a-4.dsc
to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4.dsc
squirrelmail_1.4.9a-4_all.deb
to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated squirrelmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 19 May 2009 17:27:23 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.9a-4
Distribution: oldstable-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
squirrelmail - Webmail for nuts
Closes: 528528
Changes:
squirrelmail (2:1.4.9a-4) oldstable-security; urgency=high
.
* Upload to oldstable-security to address security issues.
(Closes: #528528)
* Cross site scripting in using PHP_SELF (CVE-2009-1578).
Also fix decrypt_headers, even though we don't ship that.
* Code execution in map_yp_alias, not enabled by default
(CVE-2009-1579).
* Session fixation issue (CVE-2009-1580).
* CSS positioning vulnerability (CVE-2009-1581).
Files:
c3b30d221d83b84f3da9d05d143aa950 1021 web optional squirrelmail_1.4.9a-4.dsc
1ac9a374320a25feb8702c481f07f69d 27710 web optional squirrelmail_1.4.9a-4.diff.gz
67c67fb13e4dc98739aab5264a4438c4 593578 web optional squirrelmail_1.4.9a-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---