Accepted squirrelmail 1:1.2.6-2 (all source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 30 Jan 2005 18:27:25 +0100
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 1:1.2.6-2
Distribution: stable-security
Urgency: high
Maintainer: Sam Johnston <samj@debian.org>
Changed-By: Thijs Kinkhorst <kink@squirrelmail.org>
Description:
 squirrelmail - Webmail for nuts
Closes: 292714
Changes:
 squirrelmail (1:1.2.6-2) stable-security; urgency=high
 .
   * Security upload
   * [CAN-2005-0152] Close security hole where URL-manipulation in combination
     with register_globals and allow_url_fopen both set to On could lead to
     remote code execution as the www-data user. (Closes: #292714).
     This issue is specific to exactly version 1.2.6 of SquirrelMail (older
     and newer versions not vulnerable). Thanks Grant Hollingworth for
     discovering this bug and notifying us about it.
   * [CAN-2005-0104] Fix possible XSS issues in src/webmail.php.
Files:
 4900cffd3e5d45735f65c21476efc806 646 web optional squirrelmail_1.2.6-2.dsc
 4614ece547701e83d640b5740bb59d51 21204 web optional squirrelmail_1.2.6-2.diff.gz
 2d23a6986ab2862bb1acd160b5a2919c 1840668 web optional squirrelmail_1.2.6-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Signed by Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
iD8DBQFB/RpYl2uISwgTVp8RApKvAJsEYt+t9KjcusfFtDVgGOjLS5lVVACfV8OV
4Pr+HwmqkWlp1pEHefK8DrM=
=q3FH
-----END PGP SIGNATURE-----
Accepted:
squirrelmail_1.2.6-2.diff.gz
  to pool/main/s/squirrelmail/squirrelmail_1.2.6-2.diff.gz
squirrelmail_1.2.6-2.dsc
  to pool/main/s/squirrelmail/squirrelmail_1.2.6-2.dsc
squirrelmail_1.2.6-2_all.deb
  to pool/main/s/squirrelmail/squirrelmail_1.2.6-2_all.deb