[Bug 446838] Re: Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier
Launchpad Bug Tracker
446838 at bugs.launchpad.net
Mon Feb 8 20:19:21 UTC 2010
This bug was fixed in the package squirrelmail - 2:1.4.13-2ubuntu1.5
---------------
squirrelmail (2:1.4.13-2ubuntu1.5) hardy-security; urgency=low
* SECURITY UPDATE: (LP: #446838)
* Multiple cross-site request forgery (CSRF) in all
forms submissions
* edited:
src/addrbook_search_html.php,src/addressbook.php,src/compose.php
src/folders_create.php,src/folders_delete.php,src/folders.php,
src/folders_rename_do.php,src/folders_rename_getname.php,
src/folders_subscribe.php,functions/forms.php,
functions/mailbox_display.php,src/move_messages.php,
src/options_highlight.php,src/options_identities.php,
src/options_order.php,src/options.php,src/search.php,
functions/strings.php,src/vcard.php
* Fixes : CVE-2009-2964
- http://www.squirrelmail.org/security/issue/2009-08-12
- patches taken from upstream rev 13818
- patches applied inline
-- Leonel Nunez <leonel at enelserver.com> Sun, 11 Oct 2009 06:41:56 -0600
--
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier
https://bugs.launchpad.net/bugs/446838
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list