Accepted squirrelmail 2:1.4.4-8 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 7 Mar 2006 13:08:55 +0100
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.4-8
Distribution: stable-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <kink@squirrelmail.org>
Description:
squirrelmail - Webmail for nuts
Closes: 354062 354063 354064 355424
Changes:
squirrelmail (2:1.4.4-8) stable-security; urgency=high
.
* Fix IMAP command injection in sqimap_mailbox_select
with upstream patch. [CVE-2006-0377] (Closes: #354063)
* Fix possible XSS in MagicHTML, concerning the parsing
of u\rl and comments in styles. Internet Explorer
specific. [CVE-2006-0195] (Closes: #354062)
* Fix possible cross site scripting through the right_main
parameter of webmail.php. This now uses a whitelist of
acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)
Files:
140546ee9c0534419ddcaf3c7e632110 678 web optional squirrelmail_1.4.4-8.dsc
f50548b6f4f24d28afb5e6048977f4da 575871 web optional squirrelmail_1.4.4.orig.tar.gz
15ddd8f4db234006a1ac290087640dfc 24654 web optional squirrelmail_1.4.4-8.diff.gz
2087dcea05cd5e1c4033f15cf120761a 570472 web optional squirrelmail_1.4.4-8_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEDvGxXm3vHE4uyloRAn2ZAJwN1Zs9zK3jMUyh9xRrr4HUtmOQNwCeLy4L
/FHjFyLK/gah37AB2DoXg74=
=Nfw/
-----END PGP SIGNATURE-----
Accepted:
squirrelmail_1.4.4-8.diff.gz
to pool/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz
squirrelmail_1.4.4-8.dsc
to pool/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc
squirrelmail_1.4.4-8_all.deb
to pool/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb
Reply to: