[Bug 328938] Re: CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 25 20:48:18 UTC 2009


Thanks for the debdiffs Andreas.

I'm preparing packages for gutsy and hardy now.

For dapper, it seems the debdiff is missing. It looks like the gutsy one
got uploaded twice by mistake.

Could you please re-attach it?

Also, our cve tracker says dapper may still be vulnerable to
CVE-2006-3174 and CVE-2006-3665. Is this something you've looked at?

Thanks!

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-3174

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-3665

** Changed in: squirrelmail (Ubuntu Gutsy)
       Status: In Progress => Fix Committed

** Changed in: squirrelmail (Ubuntu Hardy)
       Status: In Progress => Fix Committed

** Changed in: squirrelmail (Ubuntu Dapper)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
       Status: In Progress => Incomplete

-- 
CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL
https://bugs.launchpad.net/bugs/328938
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs




More information about the universe-bugs mailing list