[Bug 328938] Re: CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL
Andreas Wenning
awen at awen.dk
Fri Feb 13 07:22:28 UTC 2009
squirrelmail (2:1.4.6-1ubuntu0.2) dapper-security; urgency=low
* SECURITY UPDATE: cross site scripting issue in the HTML filter.
Patch taken from upstream release. (LP: #306536)
- CVE-2008-2379
- http://www.squirrelmail.org/security/issue/2008-12-04
* SECURITY UPDATE: Cookies sent over HTTPS will now be confined to
HTTPS only (cookie secure flag) and more support for the HTTPOnly
cookie attribute. Patch taken from upstream release. (LP: #328938)
- CVE-2008-3663
- http://www.squirrelmail.org/security/issue/2008-09-28
** Attachment added: "squirrelmail_1.4.10a-2ubuntu0.1.debdiff"
http://launchpadlibrarian.net/22574561/squirrelmail_1.4.10a-2ubuntu0.1.debdiff
--
CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL
https://bugs.launchpad.net/bugs/328938
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list