Ubuntu
squirrelmail package

Bug #446838
Comment #37

Comment 37 for bug 446838

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-04-05:

#37

This bug was fixed in the package squirrelmail - 2:1.4.15-4ubuntu0.3

---------------
squirrelmail (2:1.4.15-4ubuntu0.3) jaunty-security; urgency=low

  * SECURITY UPDATE: (LP: #446838)
  * Multiple cross-site request forgery (CSRF) in all
    forms submissions
  * edited:
    src/addrbook_search_html.php,src/addressbook.php,src/compose.php
    src/folders_create.php,src/folders_delete.php,src/folders.php,
    src/folders_rename_do.php,src/folders_rename_getname.php,
    src/folders_subscribe.php,functions/forms.php,
    functions/mailbox_display.php,src/move_messages.php,
    src/options_highlight.php,src/options_identities.php,
    src/options_order.php,src/options.php,src/search.php,
    functions/strings.php,src/vcard.php
  * Fixes : CVE-2009-2964
    - http://www.squirrelmail.org/security/issue/2009-08-12
    - patches taken from upstream rev 13818
    - patches applied inline
-- Leonel Nunez <email address hidden> Sat, 10 Oct 2009 19:30:41 -0600

Ubuntusquirrelmail package

Comment 37 for bug 446838

Ubuntu
squirrelmail package