lp:ubuntu/karmic-proposed/squirrelmail
- Get this branch:
- bzr branch lp:ubuntu/karmic-proposed/squirrelmail
Recent revisions
- 16. By Leonel Nunez
-
* SECURITY UPDATE: (LP: #446838)
* Multiple cross-site request forgery (CSRF) in all
forms submissions
* edited:
src/addrbook_search_html.php, src/addressbook.php, src/compose.php,
src/folders_create.php, src/folders_delete.php, src/folders.php,
src/folders_rename_do.php, src/folders_rename_getname.php,
src/folders_subscribe.php, functions/forms.php,
functions/mailbox_display.php, src/move_messages.php,
src/options_highlight.php, src/options_identities.php,
src/options_order.php, src/options.php, src/search.php,
functions/strings.php, src/vcard.php
* Fixes : CVE-2009-2964
- http://www.squirrelmail.org/security/issue/2009-08-12
- patches taken from upstream rev 13818
- patches applied inline
- 15. By Thijs Kinkhorst
-
* New upstream release.
+ Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
+ Fixes filter plugin regression (closes: #529328)
- 14. By Thijs Kinkhorst
-
* New upstream release.
+ Addresses several security issues (closes: #528528):
CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
* Update to debhelper 7 and policy 3.8.1.
* Make squirrelmail.cron.daily cope with the administrator
enabling the hashed dir feature, thanks Marcello Nuccio
(closes: #508287).
* Update Recommends and Suggests:
+ Remove all php4-related relations.
+ Add recommends for php5-mcode which speeds up crypto.
+ Suggest php5-recode for some character sets.
+ Recommend plugins: squirrelmail-viewashtml for HTML mail,
squirrelmail-logger to provide logging.
(closes: #523966, #527964)
- 12. By Thijs Kinkhorst
-
Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942)
- 11. By Thijs Kinkhorst
-
* New upstream security release.
- Additionally tightens HTML filter for IE <= 5 parsing
absolutely everything and its horse.
- 10. By Thijs Kinkhorst
-
* Add note to README.Debian about server side sorting (Closes: #394286)
and regular_globals not being supported.
* Add IfModule conditionals for register_globals setting in
apache.conf (Closes: #398173).
- 9. By Thijs Kinkhorst
-
* Update Debian patch to display options to cope with the custom
charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
* Suggest php[45]-ldap, Closes: #392306.
* Improve package description.
- 8. By Thijs Kinkhorst
-
* New upstream release
- Includes security fix: variable overwriting in compose.php
by logged-in user [CVE-2006-4019]
- Does not ship SquirrelMail developer's documentation anymore.
* Remove duplicate content from README.locales.
- 7. By Thijs Kinkhorst
-
* New upstream bugfix release.
+ Addresses some low-impact, theoretical or disputed security bugs,
for which the code is tightened just-in-case:
- Possible local file inclusion (Closes: #373731, CVE-2006-2842)
- XSS in search.php (Closes: #375782, CVE-2006-3174)
+ Adds note to db-backend.txt about postgreSQL (Closes: #376605).
* Checked for standards version to 3.7.2, no changes necessary.
* Update maintainer address.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/squirrelmail