Ubuntu
squirrelmail package

  1. Hardy (8.04)
  2. Bug #306536
  3. Comment #4

Comment 4 for bug 306536

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squirrelmail - 2:1.4.10a-2ubuntu0.1

---------------
squirrelmail (2:1.4.10a-2ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: cross site scripting issue in the HTML filter.
    Patch taken from upstream release. (LP: #306536)
    - CVE-2008-2379
    - http://www.squirrelmail.org/security/issue/2008-12-04
  * SECURITY UPDATE: Cookies sent over HTTPS will now be confined to
    HTTPS only (cookie secure flag) and more support for the HTTPOnly
    cookie attribute. Patch taken from upstream release. (LP: #328938)
    - CVE-2008-3663
    - http://www.squirrelmail.org/security/issue/2008-09-28

 -- Andreas Wenning <email address hidden> Fri, 13 Feb 2009 08:03:02 +0100