-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 7 Mar 2006 14:56:06 +0100 Source: squirrelmail Binary: squirrelmail Architecture: source all Version: 2:1.4.6-1 Distribution: unstable Urgency: high Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Changed-By: Thijs Kinkhorst <kink@squirrelmail.org> Description: squirrelmail - Webmail for nuts Closes: 354062 354063 354064 355424 Changes: squirrelmail (2:1.4.6-1) unstable; urgency=high . * New upstream release. * Includes the following security fixes: - Fix IMAP command injection in sqimap_mailbox_select with upstream patch. [CVE-2006-0377] (Closes: #354063) - Fix possible XSS in MagicHTML, concerning the parsing of u\rl and comments in styles. Internet Explorer specific. [CVE-2006-0195] (Closes: #354062) - Fix possible cross site scripting through the right_main parameter of webmail.php. This now uses a whitelist of acceptable values. [CVE-2006-0188] (Closes: #354064, #355424) Files: f982571d61dcbf187c5247eaa3d6bd06 738 web optional squirrelmail_1.4.6-1.dsc da9e22416fca21ed0636458641187cdb 599318 web optional squirrelmail_1.4.6.orig.tar.gz d91d57f8b7a65c9600d04dea8ca6a227 17984 web optional squirrelmail_1.4.6-1.diff.gz 7f0cd54f915be5be41f71ddb445fbe8c 594826 web optional squirrelmail_1.4.6-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Signed by Jeroen van Wolffelaar <jeroen@wolffelaar.nl> iD8DBQFEEXoHl2uISwgTVp8RAsELAJ0VuUEDG+9SoJcrSMNDRPfY8dWXuwCeOhXM J7AMhLsHIKuGVdcK3YiSmNY= =0ZCh -----END PGP SIGNATURE----- Accepted: squirrelmail_1.4.6-1.diff.gz to pool/main/s/squirrelmail/squirrelmail_1.4.6-1.diff.gz squirrelmail_1.4.6-1.dsc to pool/main/s/squirrelmail/squirrelmail_1.4.6-1.dsc squirrelmail_1.4.6-1_all.deb to pool/main/s/squirrelmail/squirrelmail_1.4.6-1_all.deb squirrelmail_1.4.6.orig.tar.gz to pool/main/s/squirrelmail/squirrelmail_1.4.6.orig.tar.gz
