'[SM-CVS] CVS: squirrelmail ChangeLog,1.765,1.766'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] CVS: squirrelmail ChangeLog,1.765,1.766
From:       Tomas Kuliavas <tokul () users ! sourceforge ! net>
Date:       2006-09-30 7:34:49
Message-ID: E1GTZN3-000168-Ii () sc8-pr-cvs8 ! sourceforge ! net
[Download RAW message or body]

Update of /cvsroot/squirrelmail/squirrelmail
In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv2618

Modified Files:
	ChangeLog 
Log Message:
block uw mailbox abuse in imap select command instead of applying same
code in all scripts that get $mailbox from GET or POST.

don't check imap_server_type, because interface can be used with different
type setting.

display error message instead of silently overriding $mailbox. (#1557078)


Index: ChangeLog
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v
retrieving revision 1.765
retrieving revision 1.766
diff -u -w -r1.765 -r1.766
--- ChangeLog	7 Sep 2006 17:53:42 -0000	1.765
+++ ChangeLog	30 Sep 2006 07:34:47 -0000	1.766
@@ -135,7 +135,9 @@
   - Added APOP, TLS and STLS support to mail_fetch plugin (#575299).
   - Added Courier IMAP OUTBOX check to configtest utility.
   - Moved login_form hook to its own table row on login page.
-  - Added check_plugin_version() function
+  - Added check_plugin_version() function.
+  - If mailbox name starts with slash or contains ../, error message is
+    generated. Safety check for insecure default UW IMAP setup (#1557078).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic