[Bug 115149] Re: Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

Scott Kitterman ubuntu at kitterman.com
Mon Jul 16 04:16:07 BST 2007 

** Summary changed:

- Request backport for squirrelmail from gutsy to dapper  and edgy
+ Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

** Description changed:

- squirrelmail  backported version to dapper   has security bugs  fixed in
- gutsy
+ Gutsy 2:1.4.10a-2 to Dapper (was 2:1.4.6-1/2:1.4.6-1ubuntu0.1/2:1.4.8-1~dapper1 - previous backport)
+ Gutsy 2:1.4.10a-2 to Edgy (was 2:1.4.8-1/ 2:1.4.8-1ubuntu0.1)
+ Gutsy 2:1.4.10a-2 to Feisty (was 2:1.4.9a-1/2:1.4.9a-1ubuntu0.1)
+ 
+ Gutsy 2:1.4.10a-2 has been built, installed, and tested on all three
+ releases.
+ 
+ Debian/changelog since the oldest release above:
+ 
+ squirrelmail (2:1.4.10a-2) unstable; urgency=low
+ 
+   * Make use of new dictionaries-common SquirrelMail interface to
+     detect the installed squirrelspell dictionaries (Closes: #420877).
+   * Remove obsolete upgrading code.
+   * Make sure config files are not closed with '?>' since it's then
+     too easy to get stray whitespace at the end of the file.
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Thu, 31 May 2007 19:34:29 +0200
+ 
+ squirrelmail (2:1.4.10a-1) unstable; urgency=high
+ 
+   * New upstream security release.
+     - Fixes cross site scripting in the HTML filter [CVE-2007-1262]
+     - Tweaks SMTP error message display (Closes: #403705).
+     - Fixes address duplication on reply-all (Closes: #408242).
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Thu, 10 May 2007 12:04:48 +0200
+ 
+ squirrelmail (2:1.4.9a-1) unstable; urgency=high
+ 
+   * New upstream security release.
+     - Additionally tightens HTML filter for IE <= 5 parsing
+       absolutely everything and its horse.
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Mon,  4 Dec 2006 09:18:09 +0100
+ 
+ squirrelmail (2:1.4.9-1) unstable; urgency=high
+ 
+   * New upstream bugfix release.
+     - Includes cross site scripting security fix [CVE-2006-6142].
+     - Includes Internet Explorer security issue workaround.
+     - Fixes misspelled constant (Closes: #401022)
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Sat,  2 Dec 2006 17:35:43 +0100
+ 
+ squirrelmail (2:1.4.8-3) unstable; urgency=low
+ 
+   * Add note to README.Debian about server side sorting (Closes: #394286)
+     and regular_globals not being supported.
+   * Add IfModule conditionals for register_globals setting in
+     apache.conf (Closes: #398173).
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Mon, 13 Nov 2006 16:29:33 +0100
+ 
+ squirrelmail (2:1.4.8-2) unstable; urgency=low
+ 
+   * Update Debian patch to display options to cope with the custom
+     charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
+   * Suggest php[45]-ldap, Closes: #392306.
+   * Improve package description.
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Fri, 20 Oct 2006 16:36:36 +0200
+ 
+ squirrelmail (2:1.4.8-1) unstable; urgency=high
+ 
+   * New upstream release
+     - Includes security fix: variable overwriting in compose.php
+       by logged-in user [CVE-2006-4019]
+     - Does not ship SquirrelMail developer's documentation anymore.
+ 
+   * Remove duplicate content from README.locales.
+ 
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Fri, 11 Aug 2006 13:53:20 +0200
+ 
+ squirrelmail (2:1.4.7-1) unstable; urgency=low
+ 
+   * New upstream bugfix release.
+     + Addresses some low-impact, theoretical or disputed security bugs,
+       for which the code is tightened just-in-case:
+       - Possible local file inclusion (Closes: #373731, CVE-2006-2842)
+       - XSS in search.php (Closes: #375782, CVE-2006-3174)
+     + Adds note to db-backend.txt about postgreSQL (Closes: #376605).
+ 
+   * Checked for standards version to 3.7.2, no changes necessary.
+   * Update maintainer address.
+ 
+  -- Thijs Kinkhorst <thijs at debian.org>  Tue,  4 Jul 2006 14:49:23 +0200

** Changed in: dapper-backports (upstream)
       Status: New => In Progress

** Changed in: edgy-backports (upstream)
       Status: New => In Progress

** Changed in: feisty-backports (upstream)
       Status: New => In Progress

-- 
Please backport for squirrelmail from gutsy to dapper, edgy, and feisty
https://bugs.launchpad.net/bugs/115149
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.

More information about the ubuntu-archive mailing list