lp:ubuntu/edgy-backports/squirrelmail
- Get this branch:
- bzr branch lp:ubuntu/edgy-backports/squirrelmail
Branch merges
Branch information
Recent revisions
- 8. By Thijs Kinkhorst
-
* New upstream release
- Includes security fix: variable overwriting in compose.php
by logged-in user [CVE-2006-4019]
- Does not ship SquirrelMail developer's documentation anymore.* Remove duplicate content from README.locales.
- 7. By Thijs Kinkhorst
-
* New upstream bugfix release.
+ Addresses some low-impact, theoretical or disputed security bugs,
for which the code is tightened just-in-case:
- Possible local file inclusion (Closes: #373731, CVE-2006-2842)
- XSS in search.php (Closes: #375782, CVE-2006-3174)
+ Adds note to db-backend.txt about postgreSQL (Closes: #376605).* Checked for standards version to 3.7.2, no changes necessary.
* Update maintainer address. - 6. By Thijs Kinkhorst
-
* New upstream release.
* Includes the following security fixes:
- Fix IMAP command injection in sqimap_mailbox_ select
with upstream patch. [CVE-2006-0377] (Closes: #354063)
- Fix possible XSS in MagicHTML, concerning the parsing
of u\rl and comments in styles. Internet Explorer
specific. [CVE-2006-0195] (Closes: #354062)
- Fix possible cross site scripting through the right_main
parameter of webmail.php. This now uses a whitelist of
acceptable values. [CVE-2006-0188] (Closes: #354064, #355424) - 5. By Thijs Kinkhorst
-
[ Jeroen van Wolffelaar ]
* Restore squirrelmail-configure manpage, accidently dropped in -1
* Use debhelper compat level 4[ Thijs Kinkhorst ]
* Drop obsolete symlink for attachment dir.
* Do not ship upstream README, which contains hardly any information
relevant to Debian. Extend README.Debian a bit. Thanks W. Borgert.
* Add years to copyright statement. - 4. By Martin Schulze <email address hidden>
-
* Non-maintainer upload by the Security Team
* Corrected the patch based on upstream input
[src/options_ identities. php, CAN-2005-2095] - 3. By Thijs Kinkhorst
-
* Move default_pref config file from /var to /etc, as per Debian policy
(Closes: #293281)
* [JvW] (finally) override two lintian warnings about nonstandard
permissions that are intentional (Closes: #293366) - 2. By Sam Johnston
-
* New upstream release. Closes #230921.
* RFC3501 compliance for mailbox naming (eg trailing spaces).
Closes: #176590, #215183.
* Adds a squirrelmail symlink in /var/www/. Closes: #229282.
* Adds PHP safe_mode workaround to README.Debian. Closes: #222071.
* Adds daily cron job to clean attachments directory. Closes: #228400.
* Checks for config_default.php before copying in postinst.
Closes: #229737.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/squirrelmail