Your message dated Fri, 10 Mar 2006 05:17:15 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#355424: fixed in squirrelmail 2:1.4.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: squirrelmail
Version: 2:1.4.4-7
Severity: grave
Tags: security
Justification: user security hole


There are several security fixes in SquirrelMail 1.4.6, which came out
on 23 February 2006. But the stable version 1.4.4 hasn't changed since
August of last year.

See http://www.squirrelmail.org/changelog.php and

http://www.squirrelmail.org/security/issue/2006-02-01
http://www.squirrelmail.org/security/issue/2006-02-10
http://www.squirrelmail.org/security/issue/2006-02-15


--- End Message ---
--- Begin Message ---
Source: squirrelmail
Source-Version: 2:1.4.6-1

We believe that the bug you reported is fixed in the latest version of
squirrelmail, which is due to be installed in the Debian FTP archive:

squirrelmail_1.4.6-1.diff.gz
  to pool/main/s/squirrelmail/squirrelmail_1.4.6-1.diff.gz
squirrelmail_1.4.6-1.dsc
  to pool/main/s/squirrelmail/squirrelmail_1.4.6-1.dsc
squirrelmail_1.4.6-1_all.deb
  to pool/main/s/squirrelmail/squirrelmail_1.4.6-1_all.deb
squirrelmail_1.4.6.orig.tar.gz
  to pool/main/s/squirrelmail/squirrelmail_1.4.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated squirrelmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  7 Mar 2006 14:56:06 +0100
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.6-1
Distribution: unstable
Urgency: high
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 squirrelmail - Webmail for nuts
Closes: 354062 354063 354064 355424
Changes: 
 squirrelmail (2:1.4.6-1) unstable; urgency=high
 .
   * New upstream release.
   * Includes the following security fixes:
     - Fix IMAP command injection in sqimap_mailbox_select
       with upstream patch. [CVE-2006-0377] (Closes: #354063)
     - Fix possible XSS in MagicHTML, concerning the parsing
       of u\rl and comments in styles. Internet Explorer
       specific. [CVE-2006-0195] (Closes: #354062)
     - Fix possible cross site scripting through the right_main
       parameter of webmail.php. This now uses a whitelist of
       acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)
Files: 
 f982571d61dcbf187c5247eaa3d6bd06 738 web optional squirrelmail_1.4.6-1.dsc
 da9e22416fca21ed0636458641187cdb 599318 web optional squirrelmail_1.4.6.orig.tar.gz
 d91d57f8b7a65c9600d04dea8ca6a227 17984 web optional squirrelmail_1.4.6-1.diff.gz
 7f0cd54f915be5be41f71ddb445fbe8c 594826 web optional squirrelmail_1.4.6-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Signed by Jeroen van Wolffelaar <[EMAIL PROTECTED]>

iD8DBQFEEXoHl2uISwgTVp8RAsELAJ0VuUEDG+9SoJcrSMNDRPfY8dWXuwCeOhXM
J7AMhLsHIKuGVdcK3YiSmNY=
=0ZCh
-----END PGP SIGNATURE-----


--- End Message ---
