[Bug 306536] Re: CVE-2008-2379 insufficient input sanitising
Launchpad Bug Tracker
306536 at bugs.launchpad.net
Thu Mar 26 18:21:23 UTC 2009
This bug was fixed in the package squirrelmail - 2:1.4.10a-2ubuntu0.1
---------------
squirrelmail (2:1.4.10a-2ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: cross site scripting issue in the HTML filter.
Patch taken from upstream release. (LP: #306536)
- CVE-2008-2379
- http://www.squirrelmail.org/security/issue/2008-12-04
* SECURITY UPDATE: Cookies sent over HTTPS will now be confined to
HTTPS only (cookie secure flag) and more support for the HTTPOnly
cookie attribute. Patch taken from upstream release. (LP: #328938)
- CVE-2008-3663
- http://www.squirrelmail.org/security/issue/2008-09-28
-- Andreas Wenning <awen at awen.dk> Fri, 13 Feb 2009 08:03:02 +0100
** Changed in: squirrelmail (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3663
--
CVE-2008-2379 insufficient input sanitising
https://bugs.launchpad.net/bugs/306536
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list