[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
This bug was fixed in the package squirrelmail - 2:1.4.13-2ubuntu1.6 --- squirrelmail (2:1.4.13-2ubuntu1.6) hardy-security; urgency=low * SECURITY UPDATE: (LP: #598077) * The Mail Fetch plugin allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. - http://squirrelmail.org/security/issue/2010-06-21 - CVE-2010-1637 - Patch taken from upstream svn rev. 13951. Applied inline. -- Andreas WenningThu, 24 Jun 2010 14:16:06 +0200 -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
This bug was fixed in the package squirrelmail - 2:1.4.20-1ubuntu0.1 --- squirrelmail (2:1.4.20-1ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: (LP: #598077) * The Mail Fetch plugin allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. - http://squirrelmail.org/security/issue/2010-06-21 - CVE-2010-1637 - Patch taken from upstream svn rev. 13951. Applied inline. -- Andreas WenningThu, 24 Jun 2010 14:18:27 +0200 ** Changed in: squirrelmail (Ubuntu Lucid) Status: Fix Committed => Fix Released ** Changed in: squirrelmail (Ubuntu Karmic) Status: Fix Committed => Fix Released -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
This bug was fixed in the package squirrelmail - 2:1.4.15-4ubuntu0.4 --- squirrelmail (2:1.4.15-4ubuntu0.4) jaunty-security; urgency=low * SECURITY UPDATE: (LP: #598077) * The Mail Fetch plugin allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. - http://squirrelmail.org/security/issue/2010-06-21 - CVE-2010-1637 - Patch taken from upstream svn rev. 13951. Applied inline. -- Andreas WenningThu, 24 Jun 2010 14:16:52 +0200 ** Changed in: squirrelmail (Ubuntu Hardy) Status: Fix Committed => Fix Released -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
This bug was fixed in the package squirrelmail - 2:1.4.19-1ubuntu0.2 --- squirrelmail (2:1.4.19-1ubuntu0.2) karmic-security; urgency=low * SECURITY UPDATE: (LP: #598077) * The Mail Fetch plugin allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. - http://squirrelmail.org/security/issue/2010-06-21 - CVE-2010-1637 - Patch taken from upstream svn rev. 13951. Applied inline. -- Andreas WenningThu, 24 Jun 2010 14:17:43 +0200 ** Changed in: squirrelmail (Ubuntu Jaunty) Status: Fix Committed => Fix Released -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
ACK for hardy - lucid. Thanks Andreas! ** Changed in: squirrelmail (Ubuntu Lucid) Status: Confirmed => Fix Committed ** Changed in: squirrelmail (Ubuntu Lucid) Importance: Undecided => Low ** Changed in: squirrelmail (Ubuntu Hardy) Status: Confirmed => Fix Committed ** Changed in: squirrelmail (Ubuntu Hardy) Importance: Undecided => Low ** Changed in: squirrelmail (Ubuntu Jaunty) Status: Confirmed => Fix Committed ** Changed in: squirrelmail (Ubuntu Jaunty) Importance: Undecided => Low ** Changed in: squirrelmail (Ubuntu Karmic) Status: Confirmed => Fix Committed ** Changed in: squirrelmail (Ubuntu Karmic) Importance: Undecided => Low -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
And lastly, here is one for hardy. Also tested in a hardy chroot. ** Patch added: "squirrelmail_1.4.13-2ubuntu1.6.debdiff" http://launchpadlibrarian.net/50850016/squirrelmail_1.4.13-2ubuntu1.6.debdiff ** Changed in: squirrelmail (Ubuntu Hardy) Status: In Progress => Confirmed -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
Debdiff for jaunty. Tested as well. ** Patch added: "squirrelmail_1.4.15-4ubuntu0.4.debdiff" http://launchpadlibrarian.net/50849951/squirrelmail_1.4.15-4ubuntu0.4.debdiff ** Changed in: squirrelmail (Ubuntu Jaunty) Status: In Progress => Confirmed -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
** Changed in: squirrelmail (Ubuntu Karmic) Status: In Progress => Confirmed -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
** Branch linked: lp:ubuntu/squirrelmail -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
And a debdiff for karmic. Tested likewise. ** Patch added: "squirrelmail_1.4.19-1ubuntu0.2.debdiff" http://launchpadlibrarian.net/50849625/squirrelmail_1.4.19-1ubuntu0.2.debdiff -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
Here comes a debdiff for lucid. Package tested and works in a chroot. ** Patch added: "squirrelmail_1.4.20-1ubuntu0.1.debdiff" http://launchpadlibrarian.net/50849565/squirrelmail_1.4.20-1ubuntu0.1.debdiff ** Changed in: squirrelmail (Ubuntu Lucid) Status: In Progress => Confirmed -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 598077] Re: CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan
This bug was fixed in the package squirrelmail - 2:1.4.20-1ubuntu1 --- squirrelmail (2:1.4.20-1ubuntu1) maverick; urgency=low * SECURITY UPDATE: (LP: #598077) * The Mail Fetch plugin allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. - http://squirrelmail.org/security/issue/2010-06-21 - CVE-2010-1637 - Patch taken from upstream svn rev. 13951. Applied inline. -- Andreas WenningThu, 24 Jun 2010 14:19:29 +0200 ** Changed in: squirrelmail (Ubuntu Maverick) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1637 -- CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan https://bugs.launchpad.net/bugs/598077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
