[prev in list] [next in list] [prev in thread] [next in thread]
List: squirrelmail-cvs
Subject: [SM-CVS] CVS: squirrelmail ChangeLog,1.765,1.766
From: Tomas Kuliavas <tokul () users ! sourceforge ! net>
Date: 2006-09-30 7:34:49
Message-ID: E1GTZN3-000168-Ii () sc8-pr-cvs8 ! sourceforge ! net
[Download RAW message or body]
Update of /cvsroot/squirrelmail/squirrelmail
In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv2618
Modified Files:
ChangeLog
Log Message:
block uw mailbox abuse in imap select command instead of applying same
code in all scripts that get $mailbox from GET or POST.
don't check imap_server_type, because interface can be used with different
type setting.
display error message instead of silently overriding $mailbox. (#1557078)
Index: ChangeLog
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v
retrieving revision 1.765
retrieving revision 1.766
diff -u -w -r1.765 -r1.766
--- ChangeLog 7 Sep 2006 17:53:42 -0000 1.765
+++ ChangeLog 30 Sep 2006 07:34:47 -0000 1.766
@@ -135,7 +135,9 @@
- Added APOP, TLS and STLS support to mail_fetch plugin (#575299).
- Added Courier IMAP OUTBOX check to configtest utility.
- Moved login_form hook to its own table row on login page.
- - Added check_plugin_version() function
+ - Added check_plugin_version() function.
+ - If mailbox name starts with slash or contains ../, error message is
+ generated. Safety check for insecure default UW IMAP setup (#1557078).
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic