-
squirrelmail (2:1.4.19-1ubuntu0.2) karmic-security; urgency=low
* SECURITY UPDATE: (LP: #598077)
* The Mail Fetch plugin allows remote authenticated users to bypass firewall
restrictions and use SquirrelMail as a proxy to scan internal networks via
a modified POP3 port number.
- http://squirrelmail.org/security/issue/2010-06-21
- CVE-2010-1637
- Patch taken from upstream svn rev. 13951. Applied inline.
-- Andreas Wenning <email address hidden> Thu, 24 Jun 2010 14:17:43 +0200
-
squirrelmail (2:1.4.19-1ubuntu0.1) karmic-security; urgency=low
* SECURITY UPDATE: (LP: #446838)
* Multiple cross-site request forgery (CSRF) in all
forms submissions
* edited:
src/addrbook_search_html.php,src/addressbook.php,src/compose.php
src/folders_create.php,src/folders_delete.php,src/folders.php,
src/folders_rename_do.php,src/folders_rename_getname.php,
src/folders_subscribe.php,functions/forms.php,
functions/mailbox_display.php,src/move_messages.php,
src/options_highlight.php,src/options_identities.php,
src/options_order.php,src/options.php,src/search.php,
functions/strings.php,src/vcard.php
* Fixes : CVE-2009-2964
- http://www.squirrelmail.org/security/issue/2009-08-12
- patches taken from upstream rev 13818
- patches applied inline
-- Leonel Nunez <email address hidden> Sun, 11 Oct 2009 19:18:52 -0600
-
squirrelmail (2:1.4.19-1) unstable; urgency=high
* New upstream release.
+ Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
+ Fixes filter plugin regression (closes: #529328)
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 01 Jun 2009 10:46:28 +0100
-
squirrelmail (2:1.4.18-1) unstable; urgency=high
* New upstream release.
+ Addresses several security issues (closes: #528528):
CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
* Update to debhelper 7 and policy 3.8.1.
* Make squirrelmail.cron.daily cope with the administrator
enabling the hashed dir feature, thanks Marcello Nuccio
(closes: #508287).
* Update Recommends and Suggests:
+ Remove all php4-related relations.
+ Add recommends for php5-mcode which speeds up crypto.
+ Suggest php5-recode for some character sets.
+ Recommend plugins: squirrelmail-viewashtml for HTML mail,
squirrelmail-logger to provide logging.
(closes: #523966, #527964)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 15 May 2009 11:13:44 +0100
-
squirrelmail (2:1.4.15-4) unstable; urgency=high
* Address cross site scripting issue in the HTML filter
(CVE-2008-2379).
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 10 Dec 2008 07:13:44 +0000