This bug was fixed in the package squirrelmail - 2:1.4.15-4ubuntu0.3
---------------
squirrelmail (2:1.4.15-4ubuntu0.3) jaunty-security; urgency=low
* SECURITY UPDATE: (LP: #446838)
* Multiple cross-site request forgery (CSRF) in all
forms submissions
* edited:
src/addrbook_search_html.php,src/addressbook.php,src/compose.php
src/folders_create.php,src/folders_delete.php,src/folders.php,
src/folders_rename_do.php,src/folders_rename_getname.php,
src/folders_subscribe.php,functions/forms.php,
functions/mailbox_display.php,src/move_messages.php,
src/options_highlight.php,src/options_identities.php,
src/options_order.php,src/options.php,src/search.php,
functions/strings.php,src/vcard.php
* Fixes : CVE-2009-2964
- http://www.squirrelmail.org/security/issue/2009-08-12
- patches taken from upstream rev 13818
- patches applied inline
-- Leonel Nunez <[email protected]> Sat, 10 Oct 2009 19:30:41 -0600
--
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail
1.4.19 and earlier
https://bugs.launchpad.net/bugs/446838
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
