lp:ubuntu/karmic/squirrelmail

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Thijs Kinkhorst on 2009-05-21

* New upstream release.
  + Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
  + Fixes filter plugin regression (closes: #529328)

14. By Thijs Kinkhorst on 2009-05-13

* New upstream release.
  + Addresses several security issues (closes: #528528):
    CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
* Update to debhelper 7 and policy 3.8.1.
* Make squirrelmail.cron.daily cope with the administrator
  enabling the hashed dir feature, thanks Marcello Nuccio
  (closes: #508287).
* Update Recommends and Suggests:
  + Remove all php4-related relations.
  + Add recommends for php5-mcode which speeds up crypto.
  + Suggest php5-recode for some character sets.
  + Recommend plugins: squirrelmail-viewashtml for HTML mail,
    squirrelmail-logger to provide logging.
  (closes: #523966, #527964)

13. By Thijs Kinkhorst on 2008-12-07

Address cross site scripting issue in the HTML filter
(CVE-2008-2379).

12. By Thijs Kinkhorst on 2008-09-28

Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942)

11. By Thijs Kinkhorst on 2006-12-04

* New upstream security release.
  - Additionally tightens HTML filter for IE <= 5 parsing
    absolutely everything and it's horse.

10. By Thijs Kinkhorst on 2006-11-13

* Add note to README.Debian about server side sorting (Closes: #394286)
  and regular_globals not being supported.
* Add IfModule conditionals for register_globals setting in
  apache.conf (Closes: #398173).

9. By Thijs Kinkhorst on 2006-10-20

* Update Debian patch to display options to cope with the custom
  charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
* Suggest php[45]-ldap, Closes: #392306.
* Improve package description.

8. By Thijs Kinkhorst on 2006-08-11

* New upstream release
  - Includes security fix: variable overwriting in compose.php
    by logged-in user [CVE-2006-4019]
  - Does not ship SquirrelMail developer's documentation anymore.

* Remove duplicate content from README.locales.

7. By Thijs Kinkhorst on 2006-07-04

* New upstream bugfix release.
  + Addresses some low-impact, theoretical or disputed security bugs,
    for which the code is tightened just-in-case:
    - Possible local file inclusion (Closes: #373731, CVE-2006-2842)
    - XSS in search.php (Closes: #375782, CVE-2006-3174)
  + Adds note to db-backend.txt about postgreSQL (Closes: #376605).

* Checked for standards version to 3.7.2, no changes necessary.
* Update maintainer address.

6. By Thijs Kinkhorst on 2006-03-07

* New upstream release.
* Includes the following security fixes:
  - Fix IMAP command injection in sqimap_mailbox_select
    with upstream patch. [CVE-2006-0377] (Closes: #354063)
  - Fix possible XSS in MagicHTML, concerning the parsing
    of u\rl and comments in styles. Internet Explorer
    specific. [CVE-2006-0195] (Closes: #354062)
  - Fix possible cross site scripting through the right_main
    parameter of webmail.php. This now uses a whitelist of
    acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)