Branches for Jaunty

Author: Thijs Kinkhorst
Revision Date: 2008-12-07 16:18:03 UTC

Address cross site scripting issue in the HTML filter
(CVE-2008-2379).

Author: Leonel Nunez
Revision Date: 2009-10-10 19:30:41 UTC

* SECURITY UPDATE: (LP: #446838)
* Multiple cross-site request forgery (CSRF) in all
  forms submissions
* edited:
  src/addrbook_search_html.php,src/addressbook.php,src/compose.php
  src/folders_create.php,src/folders_delete.php,src/folders.php,
  src/folders_rename_do.php,src/folders_rename_getname.php,
  src/folders_subscribe.php,functions/forms.php,
  functions/mailbox_display.php,src/move_messages.php,
  src/options_highlight.php,src/options_identities.php,
  src/options_order.php,src/options.php,src/search.php,
  functions/strings.php,src/vcard.php
* Fixes : CVE-2009-2964
  - http://www.squirrelmail.org/security/issue/2009-08-12
  - patches taken from upstream rev 13818
  - patches applied inline

Author: Andreas Wenning
Revision Date: 2010-06-24 14:16:52 UTC

* SECURITY UPDATE: (LP: #598077)
* The Mail Fetch plugin allows remote authenticated users to bypass firewall
  restrictions and use SquirrelMail as a proxy to scan internal networks via
  a modified POP3 port number.
  - http://squirrelmail.org/security/issue/2010-06-21
  - CVE-2010-1637
  - Patch taken from upstream svn rev. 13951. Applied inline.

Author: Andreas Wenning
Revision Date: 2010-06-24 14:16:52 UTC

* SECURITY UPDATE: (LP: #598077)
* The Mail Fetch plugin allows remote authenticated users to bypass firewall
  restrictions and use SquirrelMail as a proxy to scan internal networks via
  a modified POP3 port number.
  - http://squirrelmail.org/security/issue/2010-06-21
  - CVE-2010-1637
  - Patch taken from upstream svn rev. 13951. Applied inline.