Accepted squirrelmail 2:1.4.6-1ubuntu0.1 (source)

Ubuntu Installer archive at ubuntu.com
Thu May 17 00:55:10 BST 2007


Accepted:
 OK: squirrelmail_1.4.6-1ubuntu0.1.dsc
     -> Component: universe Section: web
 OK: squirrelmail_1.4.6-1ubuntu0.1.diff.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 16 May 2007 13:02:10 -0600
Source: squirrelmail
Binary: squirrelmail
Architecture: source
Version: 2:1.4.6-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Jeroen van Wolffelaar <jeroen at wolffelaar.nl>
Changed-By: Leonel Nunez <leonel at enelserver.com>
Description: 
 squirrelmail - Webmail for nuts
Changes: 
 squirrelmail (2:1.4.6-1ubuntu0.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: XSS and CSRF in various areas, local file inclusion,
     variable overwriting.
   * src/compose.php, src/right_main.php, src/login.php, src/mailto.php,
     src/redirect.php, src/webmail.php, src/mime.php: back-ported fixes for
     XSS in compose, draft and HTML mail. (CVE-2006-6142)
     http://www.squirrelmail.org/security/issue/2006-12-02
   * fuctions/mime.php, src/compose.php, src/view_text.php: back-ported fixes
     for XSS in HTML filter (CVE-2007-1262)
     http://www.squirrelmail.org/security/issue/2007-05-09
   * functions/global.php: back-ported fixes for local file inclusion.
     (CVE-2006-2842)
     http://www.squirrelmail.org/security/issue/2006-06-01
   * functions/auth.php, src/compose.php, src/login.php, src/redirect.php,
     src/webmail.php: back-ported fixes for variable overwriting.
     (CVE-2006-4019)
     http://www.squirrelmail.org/security/issue/2006-08-11
Files: 
 722a2743d744a0f5c020d45e578f3086 692 web optional squirrelmail_1.4.6-1ubuntu0.1.dsc
 05085435e393ce53beed36a8224dc0ed 26912 web optional squirrelmail_1.4.6-1ubuntu0.1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGS5MbH/9LqRcGPm0RAqUTAJ0QNzpAfZbD+v0asfYtOfdckCYbewCdHl7V
PEcHD1rT5S9wHe2LJzEUmv4=
=gsV6
-----END PGP SIGNATURE-----





More information about the dapper-changes mailing list