lp:ubuntu/karmic-proposed/squirrelmail

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic-proposed/squirrelmail

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

16. By Leonel Nunez

* SECURITY UPDATE: (LP: #446838)
* Multiple cross-site request forgery (CSRF) in all
  form submissions
* edited:
  src/addrbook_search_html.php,src/addressbook.php,src/compose.php,
  src/folders_create.php,src/folders_delete.php,src/folders.php,
  src/folders_rename_do.php,src/folders_rename_getname.php,
  src/folders_subscribe.php,functions/forms.php,
  functions/mailbox_display.php,src/move_messages.php,
  src/options_highlight.php,src/options_identities.php,
  src/options_order.php,src/options.php,src/search.php,
  functions/strings.php,src/vcard.php
* Fixes: CVE-2009-2964
  - http://www.squirrelmail.org/security/issue/2009-08-12
  - patches taken from upstream rev 13818
  - patches applied inline

15. By Thijs Kinkhorst

* New upstream release.
  + Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
  + Fixes filter plugin regression (closes: #529328)

14. By Thijs Kinkhorst

* New upstream release.
  + Addresses several security issues (closes: #528528):
    CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
* Update to debhelper 7 and policy 3.8.1.
* Make squirrelmail.cron.daily cope with the administrator
  enabling the hashed dir feature, thanks Marcello Nuccio
  (closes: #508287).
* Update Recommends and Suggests:
  + Remove all php4-related relations.
  + Add recommends for php5-mcode which speeds up crypto.
  + Suggest php5-recode for some character sets.
  + Recommend plugins: squirrelmail-viewashtml for HTML mail,
    squirrelmail-logger to provide logging.
  (closes: #523966, #527964)

13. By Thijs Kinkhorst

Address cross site scripting issue in the HTML filter
(CVE-2008-2379).

12. By Thijs Kinkhorst

Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942)

11. By Thijs Kinkhorst

* New upstream security release.
  - Additionally tightens HTML filter for IE <= 5 parsing
    absolutely everything and its horse.

10. By Thijs Kinkhorst

* Add note to README.Debian about server side sorting (Closes: #394286)
  and regular_globals not being supported.
* Add IfModule conditionals for register_globals setting in
  apache.conf (Closes: #398173).

9. By Thijs Kinkhorst

* Update Debian patch to display options to cope with the custom
  charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
* Suggest php[45]-ldap, Closes: #392306.
* Improve package description.

8. By Thijs Kinkhorst

* New upstream release
  - Includes security fix: variable overwriting in compose.php
    by logged-in user [CVE-2006-4019]
  - Does not ship SquirrelMail developer's documentation anymore.

* Remove duplicate content from README.locales.

7. By Thijs Kinkhorst

* New upstream bugfix release.
  + Addresses some low-impact, theoretical or disputed security bugs,
    for which the code is tightened just-in-case:
    - Possible local file inclusion (Closes: #373731, CVE-2006-2842)
    - XSS in search.php (Closes: #375782, CVE-2006-3174)
  + Adds note to db-backend.txt about postgreSQL (Closes: #376605).

* Checked for standards version to 3.7.2, no changes necessary.
* Update maintainer address.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/squirrelmail