UbuntuUpdates.org

Package squirrelmail

Name:	squirrelmail
Description:	Webmail for nuts SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and is designed for maximum compatibility across browsers. SquirrelMail has few requirements and is easy to configure and install. It runs on top of any IMAP server. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books and folder manipulation.
Latest version:	2:1.4.19-1ubuntu0.2
Ubuntu release:	karmic (9.10)
Level:	updates
Repository:	universe

All versions of squirrelmail in Karmic

updates (this page)	base	security	proposed
2:1.4.19-1ubuntu0.2	2:1.4.19-1	2:1.4.19-1ubuntu0.2	2:1.4.19-1ubuntu0.1

See all versions of squirrelmail in all Ubuntu releases and repositories.

Links

• Save this URL for the latest version of "squirrelmail": http://www.ubuntuupdates.org/squirrelmail
• External home page for squirrelmail
• List of files in squirrelmail

Change Log

Version: 2:1.4.19-1ubuntu0.2	2010-07-07 19:03:10 UTC
squirrelmail (2:1.4.19-1ubuntu0.2) karmic-security; urgency=low * SECURITY UPDATE: (LP: #598077) * The Mail Fetch plugin allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. - http://squirrelmail.org/security/issue/2010-06-21 - CVE-2010-1637 - Patch taken from upstream svn rev. 13951. Applied inline. -- Andreas Wenning Thu, 24 Jun 2010 14:17:43 +0200
Source diff to previous version
598077 squirrelmail: "CVE-2010-1637 Mail fetch plugin can be used as proxy for port scan" CVE-2010-1637 The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a p

Version: 2:1.4.19-1ubuntu0.1	2010-02-09 00:02:05 UTC
squirrelmail (2:1.4.19-1ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: (LP: #446838) * Multiple cross-site request forgery (CSRF) in all forms submissions * edited: src/addrbook_search_html.php,src/addressbook.php,src/compose.php src/folders_create.php,src/folders_delete.php,src/folders.php, src/folders_rename_do.php,src/folders_rename_getname.php, src/folders_subscribe.php,functions/forms.php, functions/mailbox_display.php,src/move_messages.php, src/options_highlight.php,src/options_identities.php, src/options_order.php,src/options.php,src/search.php, functions/strings.php,src/vcard.php * Fixes : CVE-2009-2964 - http://www.squirrelmail.org/security/issue/2009-08-12 - patches taken from upstream rev 13818 - patches applied inline -- Leonel Nunez Sun, 11 Oct 2009 19:18:52 -0600
446838 squirrelmail: "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier" CVE-2009-2964 Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijac

---

Share this page

Tweet

News

  News
  Comments

Recent

Opera 10.61 in Opera PPA
Maverick soon to be added to UbuntuUpdates
Thunderbird 3.1 in Lucid
Opera 10.60 in Opera PPA
KDE 4.4.4 in Lucid

Most Popular

Maverick package stats
All UbuntuUpdates News Feeds
Google Chrome in Ubuntu: 2 repositories, 3 versions
KDE 4.4 PPA for Karmic: all the details
Install Firefox 3.6 in Karmic
Introducing ubuntuupdates.org

See all

Bookmarks

mythtv 0.23.0
skype 2.1.0.81-1
pidgin 1:2.7.1-1
gnome-shell 2.31.4
virtualbox 3.2.8-64453
opera 10.61.6430
wine1.3 1.3.1-0
linux-maverick 2.6.35-19.25
kernel 2.6.35-19.28
nvidia-graphics-drivers 256.52-0
kernel 2.6.32-25.43
gwibber 2.30.2-0
chromium-browser 7.0.513.0
google-chrome-beta 6.0.472.53
firefox-4.0 4.0

Latest updates

  Packages changelogs
  Bugs & CVEs

base

alsa-driver (maverick)
libubuntuone (maverick)
telepathy-glib (maverick)
eglibc (maverick)
gwibber (maverick)
kdeutils (maverick)
glib2.0 (maverick)
gtk+2.0 (maverick)
kdeedu (maverick)
ubuntuone-client (maverick)
update-manager (maverick)
xorg-server (maverick)
gnome-themes (maverick)
alsa-driver (maverick)
couchdb-glib (maverick)
eglibc (maverick)
evolution-couchdb (maverick)
folks (maverick)
glade-3 (maverick)
glib2.0 (maverick)
gnome-games (maverick)
gtk+2.0 (maverick)
libvirt (maverick)
lupin (maverick)
shadow (maverick)
telepathy-glib (maverick)
vte (maverick)
aptdaemon (maverick)
eog (maverick)
evolution-data-server (maverick)

See all

PPA updates

  PPAs

firefox-4.0 (maverick)
chromium-codecs-ffmpeg (maverick)
gyp (maverick)
thunderbird (maverick)
cagibi (lucid)
kde4libs (lucid)
kdebase (lucid)
kdebindings (lucid)
kdemultimedia (lucid)
kdepimlibs (lucid)
kdetoys (lucid)
kdewebdev (lucid)
meta-kde (lucid)
oxygen-icons (lucid)
plasma-scriptengine-googlegadgets (lucid)
kdeaccessibility (lucid)
kdebase-runtime (lucid)
kdegames (lucid)
kdegraphics (lucid)
kdebase-workspace (lucid)
kdeartwork (lucid)
kdeedu (lucid)
kdeplasma-addons (lucid)
pkg-kde-tools (lucid)
firefox-4.0 (lucid)
thunderbird (lucid)
kdeadmin (lucid)
kdenetwork (lucid)
kdesdk (lucid)
chromium-codecs-ffmpeg (lucid)

See all