This bug was fixed in the package squirrelmail - 2:1.4.13-2ubuntu1.5 --------------- squirrelmail (2:1.4.13-2ubuntu1.5) hardy-security; urgency=low
* SECURITY UPDATE: (LP: #446838) * Multiple cross-site request forgery (CSRF) in all forms submissions * edited: src/addrbook_search_html.php,src/addressbook.php,src/compose.php src/folders_create.php,src/folders_delete.php,src/folders.php, src/folders_rename_do.php,src/folders_rename_getname.php, src/folders_subscribe.php,functions/forms.php, functions/mailbox_display.php,src/move_messages.php, src/options_highlight.php,src/options_identities.php, src/options_order.php,src/options.php,src/search.php, functions/strings.php,src/vcard.php * Fixes : CVE-2009-2964 - http://www.squirrelmail.org/security/issue/2009-08-12 - patches taken from upstream rev 13818 - patches applied inline -- Leonel Nunez <leo...@enelserver.com> Sun, 11 Oct 2009 06:41:56 -0600 -- Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier https://bugs.launchpad.net/bugs/446838 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs