-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 19 May 2009 17:27:23 +0200 Source: squirrelmail Binary: squirrelmail Architecture: source all Version: 2:1.4.9a-4 Distribution: oldstable-security Urgency: high Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: squirrelmail - Webmail for nuts Closes: 528528 Changes: squirrelmail (2:1.4.9a-4) oldstable-security; urgency=high . * Upload to oldstable-security to address security issues. (Closes: #528528) * Cross site scripting in using PHP_SELF (CVE-2009-1578). Also fix decrypt_headers, even though we don't ship that. * Code execution in map_yp_alias, not enabled by default (CVE-2009-1579). * Session fixation issue (CVE-2009-1580). * CSS positioning vulnerability (CVE-2009-1581). Files: c3b30d221d83b84f3da9d05d143aa950 1021 web optional squirrelmail_1.4.9a-4.dsc 1ac9a374320a25feb8702c481f07f69d 27710 web optional squirrelmail_1.4.9a-4.diff.gz 67c67fb13e4dc98739aab5264a4438c4 593578 web optional squirrelmail_1.4.9a-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKEtcGAAoJECIIoQCMVaAcHMwH/1G+gHl55kMFep68iDDOMawV h8S3I74pCK1Wv6lZ2QDASmDznJ8D1L7RI6a48scsZhk0dfSzooOQYzYE8Srvh+hp nMUxFkwZEOzIyEXO1RM8BHKutksn5cco1slYK6XWezHHOqlCB+G9ZFifM+BcxUQd HIA04yW89JaOavYxIL7bgKV5kok5m4zS/a1ETZP3OlrSsUGM6OjCuo8pKBjlBokR y4tmFANdhPMYQHalaec1CSwnHMOENrlC5tFRXNsoPQfz4Ns34jvskofTAK7NiY1W LIyiBdM3qCw6kN4BYAR3/q+dmEiU1WOv7Zbi/iRliUuXtn/2SiFq8c4et3OQh1c= =ouAK -----END PGP SIGNATURE----- Accepted: squirrelmail_1.4.9a-4.diff.gz to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4.diff.gz squirrelmail_1.4.9a-4.dsc to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4.dsc squirrelmail_1.4.9a-4_all.deb to pool/main/s/squirrelmail/squirrelmail_1.4.9a-4_all.deb
