Accepted squirrelmail 2:1.4.9a-4 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 19 May 2009 17:27:23 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.9a-4
Distribution: oldstable-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
squirrelmail - Webmail for nuts
Closes: 528528
Changes:
squirrelmail (2:1.4.9a-4) oldstable-security; urgency=high
.
* Upload to oldstable-security to address security issues.
(Closes: #528528)
* Cross site scripting in using PHP_SELF (CVE-2009-1578).
Also fix decrypt_headers, even though we don't ship that.
* Code execution in map_yp_alias, not enabled by default
(CVE-2009-1579).
* Session fixation issue (CVE-2009-1580).
* CSS positioning vulnerability (CVE-2009-1581).
Files:
c3b30d221d83b84f3da9d05d143aa950 1021 web optional squirrelmail_1.4.9a-4.dsc
1ac9a374320a25feb8702c481f07f69d 27710 web optional squirrelmail_1.4.9a-4.diff.gz
67c67fb13e4dc98739aab5264a4438c4 593578 web optional squirrelmail_1.4.9a-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJKEtcGAAoJECIIoQCMVaAcHMwH/1G+gHl55kMFep68iDDOMawV
h8S3I74pCK1Wv6lZ2QDASmDznJ8D1L7RI6a48scsZhk0dfSzooOQYzYE8Srvh+hp
nMUxFkwZEOzIyEXO1RM8BHKutksn5cco1slYK6XWezHHOqlCB+G9ZFifM+BcxUQd
HIA04yW89JaOavYxIL7bgKV5kok5m4zS/a1ETZP3OlrSsUGM6OjCuo8pKBjlBokR
y4tmFANdhPMYQHalaec1CSwnHMOENrlC5tFRXNsoPQfz4Ns34jvskofTAK7NiY1W
LIyiBdM3qCw6kN4BYAR3/q+dmEiU1WOv7Zbi/iRliUuXtn/2SiFq8c4et3OQh1c=
=ouAK
-----END PGP SIGNATURE-----
Accepted:
squirrelmail_1.4.9a-4.diff.gz
to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4.diff.gz
squirrelmail_1.4.9a-4.dsc
to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4.dsc
squirrelmail_1.4.9a-4_all.deb
to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4_all.deb
Reply to: