Public bug reported: Binary package hint: squirrelmail
=== Official description === An issue was fixed that allowed the cookies of a session started over SSL (https) to be transmitted over HTTP aswell. This affects installations that offer SquirrelMail both over HTTP and HTTPS. This is known as setting the "secure" flag of the cookie. An override option has been added that can be used when you have a need to continue a session over HTTP that has been started over HTTPS, although we do not recommend that. === Further info === http://www.squirrelmail.org/security/issue/2008-09-28 === Affects === jaunty: already fixed (from debian) intrepid: already fixed (from debian) hardy: affected gutsy: affected dapper: affected dapper/backports: affected; new backport from gutsy should be made after this has been fixed === More info === The debdiffs for gutsy and dapper contains the patch for CVE-2008-2379 (see bug 306536) as well. ** Affects: squirrelmail (Ubuntu) Importance: Undecided Status: New -- CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL https://bugs.launchpad.net/bugs/328938 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
