-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 7 Mar 2006 13:08:55 +0100 Source: squirrelmail Binary: squirrelmail Architecture: source all Version: 2:1.4.4-8 Distribution: stable-security Urgency: high Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Changed-By: Thijs Kinkhorst <kink@squirrelmail.org> Description: squirrelmail - Webmail for nuts Closes: 354062 354063 354064 355424 Changes: squirrelmail (2:1.4.4-8) stable-security; urgency=high . * Fix IMAP command injection in sqimap_mailbox_select with upstream patch. [CVE-2006-0377] (Closes: #354063) * Fix possible XSS in MagicHTML, concerning the parsing of u\rl and comments in styles. Internet Explorer specific. [CVE-2006-0195] (Closes: #354062) * Fix possible cross site scripting through the right_main parameter of webmail.php. This now uses a whitelist of acceptable values. [CVE-2006-0188] (Closes: #354064, #355424) Files: 140546ee9c0534419ddcaf3c7e632110 678 web optional squirrelmail_1.4.4-8.dsc f50548b6f4f24d28afb5e6048977f4da 575871 web optional squirrelmail_1.4.4.orig.tar.gz 15ddd8f4db234006a1ac290087640dfc 24654 web optional squirrelmail_1.4.4-8.diff.gz 2087dcea05cd5e1c4033f15cf120761a 570472 web optional squirrelmail_1.4.4-8_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEDvGxXm3vHE4uyloRAn2ZAJwN1Zs9zK3jMUyh9xRrr4HUtmOQNwCeLy4L /FHjFyLK/gah37AB2DoXg74= =Nfw/ -----END PGP SIGNATURE----- Accepted: squirrelmail_1.4.4-8.diff.gz to pool/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz squirrelmail_1.4.4-8.dsc to pool/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc squirrelmail_1.4.4-8_all.deb to pool/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb
