Accepted squirrelmail 2:1.4.6-1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 7 Mar 2006 14:56:06 +0100
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.6-1
Distribution: unstable
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <kink@squirrelmail.org>
Description:
squirrelmail - Webmail for nuts
Closes: 354062 354063 354064 355424
Changes:
squirrelmail (2:1.4.6-1) unstable; urgency=high
.
* New upstream release.
* Includes the following security fixes:
- Fix IMAP command injection in sqimap_mailbox_select
with upstream patch. [CVE-2006-0377] (Closes: #354063)
- Fix possible XSS in MagicHTML, concerning the parsing
of u\rl and comments in styles. Internet Explorer
specific. [CVE-2006-0195] (Closes: #354062)
- Fix possible cross site scripting through the right_main
parameter of webmail.php. This now uses a whitelist of
acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)
Files:
f982571d61dcbf187c5247eaa3d6bd06 738 web optional squirrelmail_1.4.6-1.dsc
da9e22416fca21ed0636458641187cdb 599318 web optional squirrelmail_1.4.6.orig.tar.gz
d91d57f8b7a65c9600d04dea8ca6a227 17984 web optional squirrelmail_1.4.6-1.diff.gz
7f0cd54f915be5be41f71ddb445fbe8c 594826 web optional squirrelmail_1.4.6-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Signed by Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
iD8DBQFEEXoHl2uISwgTVp8RAsELAJ0VuUEDG+9SoJcrSMNDRPfY8dWXuwCeOhXM
J7AMhLsHIKuGVdcK3YiSmNY=
=0ZCh
-----END PGP SIGNATURE-----
Accepted:
squirrelmail_1.4.6-1.diff.gz
to pool/main/s/squirrelmail/squirrelmail_1.4.6-1.diff.gz
squirrelmail_1.4.6-1.dsc
to pool/main/s/squirrelmail/squirrelmail_1.4.6-1.dsc
squirrelmail_1.4.6-1_all.deb
to pool/main/s/squirrelmail/squirrelmail_1.4.6-1_all.deb
squirrelmail_1.4.6.orig.tar.gz
to pool/main/s/squirrelmail/squirrelmail_1.4.6.orig.tar.gz
Reply to: