Comment 6 for bug 115149
Revision history for this message
| Leonel Nunez (leonelnunez) wrote Re: Request backport for squirrelmail from gutsy to dapper and edgy | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
debian/changelog since dapper release
squirrelmail (2:1.4.
* SECURITY UPDATE: XSS and CSRF in various areas, local file inclusion,
variable overwriting.
* src/compose.php, src/right_main.php, src/login.php, src/mailto.php,
src/
XSS in compose, draft and HTML mail. (CVE-2006-6142)
http://
* fuctions/mime.php, src/compose.php, src/view_text.php: back-ported fixes
for XSS in HTML filter (CVE-2007-1262)
http://
* functions/
(CVE-2006-2842)
http://
* functions/auth.php, src/compose.php, src/login.php, src/redirect.php,
src/
(CVE-2006-4019)
http://
-- Leonel Nunez <email address hidden> Wed, 16 May 2007 13:02:10 -0600
squirrelmail (2:1.4.6-1) unstable; urgency=high
* New upstream release.
* Includes the following security fixes:
- Fix IMAP command injection in sqimap_
with upstream patch. [CVE-2006-0377] (Closes: #354063)
- Fix possible XSS in MagicHTML, concerning the parsing
of u\rl and comments in styles. Internet Explorer
specific. [CVE-2006-0195] (Closes: #354062)
- Fix possible cross site scripting through the right_main
parameter of webmail.php. This now uses a whitelist of
acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)
-- Thijs Kinkhorst <email address hidden> Tue, 7 Mar 2006 14:56:06 +0100