Your message dated Sun, 28 Sep 2008 14:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#499942: fixed in squirrelmail 2:1.4.15-3
has caused the Debian Bug report #499942,
regarding CVE-2008-3663: Squirrelmail: Session hijacking vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
499942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499942
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: squirrelmail
Version: 2:1.4.9a-2
Severity: grave
Tags: security
Justification: user security hole

Squirrelmail does not set the secure flag for its session cookie when accessed
over https. See
http://int21.de/cve/CVE-2008-3663-squirrelmail.html
--- End Message ---
--- Begin Message ---
Source: squirrelmail
Source-Version: 2:1.4.15-3
We believe that the bug you reported is fixed in the latest version of
squirrelmail, which is due to be installed in the Debian FTP archive:

squirrelmail_1.4.15-3.diff.gz
  to pool/main/s/squirrelmail/squirrelmail_1.4.15-3.diff.gz
squirrelmail_1.4.15-3.dsc
  to pool/main/s/squirrelmail/squirrelmail_1.4.15-3.dsc
squirrelmail_1.4.15-3_all.deb
  to pool/main/s/squirrelmail/squirrelmail_1.4.15-3_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated squirrelmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.8
Date: Sun, 28 Sep 2008 16:33:48 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.15-3
Distribution: unstable
Urgency: high
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
 squirrelmail - Webmail for nuts
Closes: 499942
Changes:
 squirrelmail (2:1.4.15-3) unstable; urgency=high
 .
   * Cookies sent over HTTPS will now be confined to HTTPS only
     (cookie secure flag) and more support for the HTTPOnly cookie
     attribute. Patch taken from upstream release.
     (CVE-2008-3663, closes: #499942)
--- End Message ---
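
Added example, not part of the original messages or of the Debian or upstream patch: a small check an administrator could run over the Set-Cookie headers of an HTTPS response to confirm that the two attributes named in the changelog (Secure and HttpOnly) are present. The cookie names, values and paths in the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the Secure and HttpOnly
# attributes. All sample headers below are constructed, not captured traffic.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first name=value pair is the cookie itself, never an attribute,
    # so a cookie that happens to be called "secure" is not misread as the flag.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(scheme, set_cookie_headers):
    """Return sorted (cookie_name, finding) pairs for one response."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Secure is only expected when the response was served over HTTPS.
        if scheme == "https" and "secure" not in attrs:
            findings.append((name, "missing Secure"))
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
    return sorted(findings)


# Constructed samples: headers without the attributes, then with them.
BEFORE = [
    "SQMSESSID=abc123; path=/squirrelmail/",
    "key=Zm9v; path=/squirrelmail/",
]
AFTER = [
    "SQMSESSID=abc123; path=/squirrelmail/; secure; HttpOnly",
    "key=Zm9v; path=/squirrelmail/; Secure; httponly",
]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_cookies("https", headers) or "ok")
```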