Change logs for squirrelmail source package in Karmic

  • squirrelmail (2:1.4.19-1ubuntu0.2) karmic-security; urgency=low
    
      * SECURITY UPDATE: (LP: #598077)
      * The Mail Fetch plugin allows remote authenticated users to bypass firewall
        restrictions and use SquirrelMail as a proxy to scan internal networks via
        a modified POP3 port number.
        - http://squirrelmail.org/security/issue/2010-06-21
        - CVE-2010-1637
        - Patch taken from upstream svn rev. 13951. Applied inline.
     -- Andreas Wenning <email address hidden>   Thu, 24 Jun 2010 14:17:43 +0200
  • squirrelmail (2:1.4.19-1ubuntu0.1) karmic-security; urgency=low
    
      * SECURITY UPDATE: (LP: #446838)
      * Multiple cross-site request forgery (CSRF) in all
        form submissions
      * edited:
        src/addrbook_search_html.php,src/addressbook.php,src/compose.php,
        src/folders_create.php,src/folders_delete.php,src/folders.php,
        src/folders_rename_do.php,src/folders_rename_getname.php,
        src/folders_subscribe.php,functions/forms.php,
        functions/mailbox_display.php,src/move_messages.php,
        src/options_highlight.php,src/options_identities.php,
        src/options_order.php,src/options.php,src/search.php,
        functions/strings.php,src/vcard.php
      * Fixes: CVE-2009-2964
        - http://www.squirrelmail.org/security/issue/2009-08-12
        - patches taken from upstream rev 13818
        - patches applied inline
     -- Leonel Nunez <email address hidden>   Sun, 11 Oct 2009 19:18:52 -0600
  • squirrelmail (2:1.4.19-1) unstable; urgency=high
    
      * New upstream release.
        + Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
        + Fixes filter plugin regression (closes: #529328)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  01 Jun 2009 10:46:28 +0100
  • squirrelmail (2:1.4.18-1) unstable; urgency=high
    
      * New upstream release.
        + Addresses several security issues (closes: #528528):
          CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
      * Update to debhelper 7 and policy 3.8.1.
      * Make squirrelmail.cron.daily cope with the administrator
        enabling the hashed dir feature, thanks Marcello Nuccio
        (closes: #508287).
      * Update Recommends and Suggests:
        + Remove all php4-related relations.
        + Add recommends for php5-mcode which speeds up crypto.
        + Suggest php5-recode for some character sets.
        + Recommend plugins: squirrelmail-viewashtml for HTML mail,
          squirrelmail-logger to provide logging.
        (closes: #523966, #527964)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  15 May 2009 11:13:44 +0100
  • squirrelmail (2:1.4.15-4) unstable; urgency=high
    
      * Address cross site scripting issue in the HTML filter
        (CVE-2008-2379).
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  10 Dec 2008 07:13:44 +0000