lp:ubuntu/karmic/squirrelmail
- Get this branch:
- bzr branch lp:ubuntu/karmic/squirrelmail
Branch merges
Branch information
Recent revisions
- 15. By Thijs Kinkhorst
-
* New upstream release.
+ Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
+ Fixes filter plugin regression (closes: #529328) - 14. By Thijs Kinkhorst
-
* New upstream release.
+ Addresses several security issues (closes: #528528):
CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
* Update to debhelper 7 and policy 3.8.1.
* Make squirrelmail.cron.daily cope with the administrator
enabling the hashed dir feature, thanks Marcello Nuccio
(closes: #508287).
* Update Recommends and Suggests:
+ Remove all php4-related relations.
+ Add recommends for php5-mcode which speeds up crypto.
+ Suggest php5-recode for some character sets.
+ Recommend plugins: squirrelmail-viewashtml for HTML mail,
squirrelmail-logger to provide logging.
(closes: #523966, #527964) - 12. By Thijs Kinkhorst
-
Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942) - 11. By Thijs Kinkhorst
-
* New upstream security release.
- Additionally tightens HTML filter for IE <= 5 parsing
absolutely everything and it's horse. - 10. By Thijs Kinkhorst
-
* Add note to README.Debian about server side sorting (Closes: #394286)
and regular_globals not being supported.
* Add IfModule conditionals for register_globals setting in
apache.conf (Closes: #398173). - 9. By Thijs Kinkhorst
-
* Update Debian patch to display options to cope with the custom
charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
* Suggest php[45]-ldap, Closes: #392306.
* Improve package description. - 8. By Thijs Kinkhorst
-
* New upstream release
- Includes security fix: variable overwriting in compose.php
by logged-in user [CVE-2006-4019]
- Does not ship SquirrelMail developer's documentation anymore.* Remove duplicate content from README.locales.
- 7. By Thijs Kinkhorst
-
* New upstream bugfix release.
+ Addresses some low-impact, theoretical or disputed security bugs,
for which the code is tightened just-in-case:
- Possible local file inclusion (Closes: #373731, CVE-2006-2842)
- XSS in search.php (Closes: #375782, CVE-2006-3174)
+ Adds note to db-backend.txt about postgreSQL (Closes: #376605).* Checked for standards version to 3.7.2, no changes necessary.
* Update maintainer address. - 6. By Thijs Kinkhorst
-
* New upstream release.
* Includes the following security fixes:
- Fix IMAP command injection in sqimap_mailbox_ select
with upstream patch. [CVE-2006-0377] (Closes: #354063)
- Fix possible XSS in MagicHTML, concerning the parsing
of u\rl and comments in styles. Internet Explorer
specific. [CVE-2006-0195] (Closes: #354062)
- Fix possible cross site scripting through the right_main
parameter of webmail.php. This now uses a whitelist of
acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/squirrelmail