Multiple CVEs for Squirrelmail <1.4.17
Bug #375513 reported by Leonel Nunez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
squirrelmail (Ubuntu) | Fix Released | High | Unassigned |
Dapper | Won't Fix | High | Unassigned |
Hardy | Fix Released | High | Unassigned |
Intrepid | Fix Released | High | Unassigned |
Jaunty | Fix Released | High | Unassigned |
Karmic | Fix Released | High | Unassigned |

Bug Description
CSS positioning vulnerability CVE-2009-1581
Session fixation vulnerability CVE-2009-1580
Server-side code injection in map_yp_alias username map CVE-2009-1579
Cross site scripting issues in decrypt_headers.php CVE-2009-1578
Multiple cross site scripting issues CVE-2009-1578
security vulnerability: no → yes
Changed in squirrelmail (Ubuntu):
assignee: nobody → Andreas Wenning (andreas-wenning)
importance: Undecided → High
status: New → In Progress
Changed in squirrelmail (Ubuntu Jaunty):
assignee: nobody → Andreas Wenning (andreas-wenning)
importance: Undecided → High
status: New → In Progress
Changed in squirrelmail (Ubuntu Intrepid):
assignee: nobody → Andreas Wenning (andreas-wenning)
importance: Undecided → High
status: New → In Progress
Changed in squirrelmail (Ubuntu Hardy):
assignee: nobody → Andreas Wenning (andreas-wenning)
status: New → In Progress
importance: Undecided → High
Changed in squirrelmail (Ubuntu Dapper):
assignee: nobody → Andreas Wenning (andreas-wenning)
importance: Undecided → High
status: New → In Progress
Changed in squirrelmail (Ubuntu Intrepid):
assignee: Andreas Wenning (andreas-wenning) → nobody
Changed in squirrelmail (Ubuntu Jaunty):
assignee: Andreas Wenning (andreas-wenning) → nobody
Changed in squirrelmail (Ubuntu Hardy):
assignee: Andreas Wenning (andreas-wenning) → nobody
Changed in squirrelmail (Ubuntu):
assignee: Andreas Wenning (andreas-wenning) → nobody
status: In Progress → Triaged
Changed in squirrelmail (Ubuntu Dapper):
status: In Progress → Triaged
Changed in squirrelmail (Ubuntu Dapper):
status: Triaged → Won't Fix
Karmic should hopefully auto-sync in a matter of days, as 1.4.18-1 is now in unstable. Here are debdiffs for hardy through jaunty.
For dapper I'm able to fix 4 out of the 5 security-problems; the last one is simply not possible for me to apply the idea of it to the code; too many changes have happened.
First jaunty debdiff.