Branches for Dapper

Author: Thijs Kinkhorst
Revision Date: 2006-03-07 14:56:06 UTC

* New upstream release.
* Includes the following security fixes:
  - Fix IMAP command injection in sqimap_mailbox_select
    with upstream patch. [CVE-2006-0377] (Closes: #354063)
  - Fix possible XSS in MagicHTML, concerning the parsing
    of u\rl and comments in styles. Internet Explorer
    specific. [CVE-2006-0195] (Closes: #354062)
  - Fix possible cross site scripting through the right_main
    parameter of webmail.php. This now uses a whitelist of
    acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)

Author: Scott Kitterman
Revision Date: 2007-07-20 10:22:13 UTC

Automated backport upload; no source changes.

Author: Andreas Wenning
Revision Date: 2009-03-26 14:21:47 UTC

* SECURITY UPDATE: Possible cookie theft in src/redirect.php if
  register_globals is enabled, and malicous site is running in same
  domain. Patch taken from upstream svn rev 10851. (LP: #348839)
  - CVE-2006-3665
* SECURITY UPDATE: Possible cross-site scripting (XSS) vulnerability in
  search.php, when register_globals is enabled. Patch taken from upstream
  svn rev 11319. (LP: #348839)
  - CVE-2006-3174
  - http://squirrelmail.org/security/issue/2006-06-22

Author: Andreas Wenning
Revision Date: 2009-03-26 14:21:47 UTC

* SECURITY UPDATE: Possible cookie theft in src/redirect.php if
  register_globals is enabled, and malicous site is running in same
  domain. Patch taken from upstream svn rev 10851. (LP: #348839)
  - CVE-2006-3665
* SECURITY UPDATE: Possible cross-site scripting (XSS) vulnerability in
  search.php, when register_globals is enabled. Patch taken from upstream
  svn rev 11319. (LP: #348839)
  - CVE-2006-3174
  - http://squirrelmail.org/security/issue/2006-06-22