Back to squirrelmail PTS page

Accepted squirrelmail 2:1.4.21-2 (source all)

To: debian-changes@lists.debian.org
Subject: Accepted squirrelmail 2:1.4.21-2 (source all)
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 08 Aug 2011 13:55:04 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1QqQIK-0003Vk-2y@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 08 Aug 2011 11:57:25 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.21-2
Distribution: stable-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 squirrelmail - Webmail for nuts
Changes: 
 squirrelmail (2:1.4.21-2) stable-security; urgency=high
 .
   * Upload to stable for security fixes.
   * CVE-2011-2023: Messages containing style tags with malicious script
     attributes were being displayed without being fully sanitized.
   * CVE-2010-4554: Clickjacking attack wherein the entire application can
     be loaded in a frame that could overlay other elements on top of
     SquirrelMail's user interface and possibly expose private user data
     to an attacker.
   * CVE-2010-4555 CVE-2011-2752 CVE-2011-2753: An attacker could use one
     of several small bugs in SquirrelMail to inject malicious script into
     various pages or alter the contents of user preferences.
Checksums-Sha1: 
 7e788be0145aab9e526b9c48f7ebb5ec983c11d8 1497 squirrelmail_1.4.21-2.dsc
 7c3ca74aa748cef1d6dc6a0617b2c0554b1d6af0 659870 squirrelmail_1.4.21.orig.tar.gz
 5ab5e25a84127770aff31a5621b8b857a2ec7eb5 23303 squirrelmail_1.4.21-2.diff.gz
 3e57891accedaf6d8aeb3e8a4a7c253320824c7f 634354 squirrelmail_1.4.21-2_all.deb
Checksums-Sha256: 
 3ba35cb5664272825d12f6cb38c1d118ce86126ba1009100ddecbddab7b7c4df 1497 squirrelmail_1.4.21-2.dsc
 f20082bba73389d739ce0050792d7f5f703ced581478da18b6c98f7d9fbee1c9 659870 squirrelmail_1.4.21.orig.tar.gz
 c3cef188787ed822e130903dd150cdc345d452b551c777fc48e1aaf3f7a2bc8a 23303 squirrelmail_1.4.21-2.diff.gz
 c0c76bab06931cac7a1cbe55d95a52b640c5534635231ef2520ae9edd0dce15f 634354 squirrelmail_1.4.21-2_all.deb
Files: 
 85c4e06aa94f5a0d76235afe09ab48cc 1497 web optional squirrelmail_1.4.21-2.dsc
 1e53a47b0544c37705079cb961ef05dc 659870 web optional squirrelmail_1.4.21.orig.tar.gz
 a98ccd27f3f5065db07c3fe985c07546 23303 web optional squirrelmail_1.4.21-2.diff.gz
 c7c6057b858f130b4f0b915d994d75b7 634354 web optional squirrelmail_1.4.21-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOP7XeAAoJEOxfUAG2iX57s/4H/R2zJUHBQdWNkzr9tZ9hTjC1
W/VoQcarEbIGhBLMbr6p/uesGPxB7ZNMJfXQCV1Sf6DmTTWri88yWx6NlkcvLafO
FOSP2HT31hDn/YOZ1UeufQLddSnJR+66jNwKBSy+DntKWphH1qPj5JZ+cmc+kyNx
hmPO+lPP1gZlGCeqtJAguGrI98DrsY2YR1M8LVXTR4lf70rZnCXXhXGSw9gdwjM1
iL1d1AFzGY80OGF8l357ER9EqTdWDiYxShpa390R3j8NVkPvqBVNTnd3/VzlqCpA
RBShhEWkkdKBhB5Qy5E2NGd3dhxRqrwo6I3inzQgq6z20v27IKr4aWQXpTaW0Ik=
=5IpA
-----END PGP SIGNATURE-----


Accepted:
squirrelmail_1.4.21-2.diff.gz
  to main/s/squirrelmail/squirrelmail_1.4.21-2.diff.gz
squirrelmail_1.4.21-2.dsc
  to main/s/squirrelmail/squirrelmail_1.4.21-2.dsc
squirrelmail_1.4.21-2_all.deb
  to main/s/squirrelmail/squirrelmail_1.4.21-2_all.deb