Bug#593465: marked as done (squirrelmail: Unimplemented function sqimap_run_literal_command() after security update)

Debian Bug Tracking System Mon, 08 Aug 2011 06:57:35 -0700

Your message dated Mon, 08 Aug 2011 13:55:02 +0000
with message-id <e1qqqii-0003va...@franck.debian.org>
and subject line Bug#593465: fixed in squirrelmail 2:1.4.15-4+lenny5
has caused the Debian Bug report #593465,
regarding squirrelmail: Unimplemented function sqimap_run_literal_command() 
after security update
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
593465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593465
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: squirrelmail
Version: 2:1.4.15-4+lenny3.1
Severity: serious
Tags: l10n
Justification: important


After security update 

squirrelmail_2%3a1.4.15-4+lenny3.1_all.deb 

an unimplemented function 

  sqimap_run_literal_command() 
  
is used in imap_general.php. 

User who used 8bit chars in their imap passwords now get a:  

  Fatal error: Call to undefined function sqimap_run_literal_command() in 
/usr/share/squirrelmail/functions/imap_general.php on line 528  error

and cannot log in any more.


-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26_UB (SMP w/4 CPU cores)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages squirrelmail depends on:
ii  apache2            2.2.9-10+lenny8       Apache HTTP Server metapackage
ii  apache2-mpm-prefor 2.2.9-10+lenny8       Apache HTTP Server - traditional n
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny9 server-side, HTML-embedded scripti
ii  perl               5.10.0-19lenny2       Larry Wall's Practical Extraction 
ii  php5-cgi           5.2.6.dfsg.1-1+lenny9 server-side, HTML-embedded scripti

Versions of packages squirrelmail recommends:
ii  aspell [aspell-bin]    0.60.6-1          GNU Aspell spell-checker
ii  squirrelmail-locales   1.4.13-20071220-1 Translations for the SquirrelMail 

Versions of packages squirrelmail suggests:
ii  cyrus21-imapd [ima 2.1.18-5.1            Cyrus mail system (IMAP support)
pn  imapproxy          <none>                (no description available)
ii  php-pear           5.2.6.dfsg.1-1+lenny9 PEAR - PHP Extension and Applicati
ii  php4-pear          6:4.4.4-8+etch6       PHP Extension and Application Repo
pn  php5-ldap | php4-l <none>                (no description available)
pn  squirrelmail-decod <none>                (no description available)

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: squirrelmail
Source-Version: 2:1.4.15-4+lenny5

We believe that the bug you reported is fixed in the latest version of
squirrelmail, which is due to be installed in the Debian FTP archive:

squirrelmail_1.4.15-4+lenny5.diff.gz
  to main/s/squirrelmail/squirrelmail_1.4.15-4+lenny5.diff.gz
squirrelmail_1.4.15-4+lenny5.dsc
  to main/s/squirrelmail/squirrelmail_1.4.15-4+lenny5.dsc
squirrelmail_1.4.15-4+lenny5_all.deb
  to main/s/squirrelmail/squirrelmail_1.4.15-4+lenny5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 593...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated squirrelmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 08 Aug 2011 12:25:12 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.15-4+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <jer...@wolffelaar.nl>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description: 
 squirrelmail - Webmail for nuts
Closes: 593465
Changes: 
 squirrelmail (2:1.4.15-4+lenny5) oldstable-security; urgency=high
 .
   * Upload to lenny-security.
   * Fix regression in patch for CVE-2010-2813 that caused a
     fatal error when logging in with a password which uses
     8 bit characters (closes: #593465). Thanks Micah Anderson
     and Jan Kontze for their debugging help.
   * CVE-2011-2023: Messages containing style tags with malicious script
     attributes were being displayed without being fully sanitized.
   * CVE-2010-4554: Clickjacking attack wherein the entire application can
     be loaded in a frame that could overlay other elements on top of
     SquirrelMail's user interface and possibly expose private user data
     to an attacker.
   * CVE-2010-4555 CVE-2011-2752 CVE-2011-2753: An attacker could use one
     of several small bugs in SquirrelMail to inject malicious script into
     various pages or alter the contents of user preferences.
Checksums-Sha1: 
 d3799e4c51e6b0f2e943b8170a1430be125f3317 1525 squirrelmail_1.4.15-4+lenny5.dsc
 1d570bc8ba76045f5007906eb037964a7968aa33 36970 
squirrelmail_1.4.15-4+lenny5.diff.gz
 509f7bfc3bd4479466084e4311c96ffd7516243f 612756 
squirrelmail_1.4.15-4+lenny5_all.deb
Checksums-Sha256: 
 f5e9dca7fdd90e4242437536d4584186538812c378ab66bc28b93ee18b1ca945 1525 
squirrelmail_1.4.15-4+lenny5.dsc
 185ebd644c3ad03e2d0f459c0efd3e5b0c90eea8b3ab9f1cd6f23ce70105b010 36970 
squirrelmail_1.4.15-4+lenny5.diff.gz
 c85bcfb32e2c2258ab31163a6341360eb12ef41eefe04f27c6f06a6403c02e46 612756 
squirrelmail_1.4.15-4+lenny5_all.deb
Files: 
 c063fb1f52ec323d8a1770b61125efe9 1525 web optional 
squirrelmail_1.4.15-4+lenny5.dsc
 ff5ea55dee7700ea3cc6c67935c5ed57 36970 web optional 
squirrelmail_1.4.15-4+lenny5.diff.gz
 108acd6420447abbc0951d562340b9a0 612756 web optional 
squirrelmail_1.4.15-4+lenny5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOP8J1AAoJEOxfUAG2iX578WYH/0/7fajowdZENZ5HmPeaTSTq
b66tq87HgBWhYz6S5Ot7jWHb9DS5W5LivDVjsVXVhD2WkLePGnxizQ7nkFtdiccb
AUO6K44AH3lWlKPhhOrkdioPwD7SSa52L7I4ZsBBuJx6OGPsvUo1Y4wb9hmTnu75
Zu6P4brb2ngwYUMIIV+xi1Ca05RAsMHtMGOwYJqCsKIdWNqhunDFUXxlQlZ2lUR+
ddAgnywMtJr5stTHKrPngbM8EyHUsZbMUXhJ/o8ZxYPB7ZqTDdwvP0UHwBUIbAvf
WOGq3pVifJNhOeAuhYQIiovRq8xhR7sXSufW3nw4EGFGyUYXRoeKJK24iD7Wiic=
=YfbL
-----END PGP SIGNATURE-----

--- End Message ---

Bug#593465: marked as done (squirrelmail: Unimplemented function sqimap_run_literal_command() after security update)

Reply via email to