Back to squirrelmail PTS page

Accepted squirrelmail 2:1.4.15-4+lenny5 (source all)

To: debian-changes@lists.debian.org
Subject: Accepted squirrelmail 2:1.4.15-4+lenny5 (source all)
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 08 Aug 2011 13:55:02 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1QqQII-0003V7-Ah@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 08 Aug 2011 12:25:12 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.15-4+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 squirrelmail - Webmail for nuts
Closes: 593465
Changes: 
 squirrelmail (2:1.4.15-4+lenny5) oldstable-security; urgency=high
 .
   * Upload to lenny-security.
   * Fix regression in patch for CVE-2010-2813 that caused a
     fatal error when logging in with a password which uses
     8 bit characters (closes: #593465). Thanks Micah Anderson
     and Jan Kontze for their debugging help.
   * CVE-2011-2023: Messages containing style tags with malicious script
     attributes were being displayed without being fully sanitized.
   * CVE-2010-4554: Clickjacking attack wherein the entire application can
     be loaded in a frame that could overlay other elements on top of
     SquirrelMail's user interface and possibly expose private user data
     to an attacker.
   * CVE-2010-4555 CVE-2011-2752 CVE-2011-2753: An attacker could use one
     of several small bugs in SquirrelMail to inject malicious script into
     various pages or alter the contents of user preferences.
Checksums-Sha1: 
 d3799e4c51e6b0f2e943b8170a1430be125f3317 1525 squirrelmail_1.4.15-4+lenny5.dsc
 1d570bc8ba76045f5007906eb037964a7968aa33 36970 squirrelmail_1.4.15-4+lenny5.diff.gz
 509f7bfc3bd4479466084e4311c96ffd7516243f 612756 squirrelmail_1.4.15-4+lenny5_all.deb
Checksums-Sha256: 
 f5e9dca7fdd90e4242437536d4584186538812c378ab66bc28b93ee18b1ca945 1525 squirrelmail_1.4.15-4+lenny5.dsc
 185ebd644c3ad03e2d0f459c0efd3e5b0c90eea8b3ab9f1cd6f23ce70105b010 36970 squirrelmail_1.4.15-4+lenny5.diff.gz
 c85bcfb32e2c2258ab31163a6341360eb12ef41eefe04f27c6f06a6403c02e46 612756 squirrelmail_1.4.15-4+lenny5_all.deb
Files: 
 c063fb1f52ec323d8a1770b61125efe9 1525 web optional squirrelmail_1.4.15-4+lenny5.dsc
 ff5ea55dee7700ea3cc6c67935c5ed57 36970 web optional squirrelmail_1.4.15-4+lenny5.diff.gz
 108acd6420447abbc0951d562340b9a0 612756 web optional squirrelmail_1.4.15-4+lenny5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOP8J1AAoJEOxfUAG2iX578WYH/0/7fajowdZENZ5HmPeaTSTq
b66tq87HgBWhYz6S5Ot7jWHb9DS5W5LivDVjsVXVhD2WkLePGnxizQ7nkFtdiccb
AUO6K44AH3lWlKPhhOrkdioPwD7SSa52L7I4ZsBBuJx6OGPsvUo1Y4wb9hmTnu75
Zu6P4brb2ngwYUMIIV+xi1Ca05RAsMHtMGOwYJqCsKIdWNqhunDFUXxlQlZ2lUR+
ddAgnywMtJr5stTHKrPngbM8EyHUsZbMUXhJ/o8ZxYPB7ZqTDdwvP0UHwBUIbAvf
WOGq3pVifJNhOeAuhYQIiovRq8xhR7sXSufW3nw4EGFGyUYXRoeKJK24iD7Wiic=
=YfbL
-----END PGP SIGNATURE-----


Accepted:
squirrelmail_1.4.15-4+lenny5.diff.gz
  to main/s/squirrelmail/squirrelmail_1.4.15-4+lenny5.diff.gz
squirrelmail_1.4.15-4+lenny5.dsc
  to main/s/squirrelmail/squirrelmail_1.4.15-4+lenny5.dsc
squirrelmail_1.4.15-4+lenny5_all.deb
  to main/s/squirrelmail/squirrelmail_1.4.15-4+lenny5_all.deb