> Recently, Debian package maintainers created a new security patch for > squirrelmail. > > http://www.debian.org/security/2003/dsa-220 > > Note, that conf.pl does not work with this. > > You will need to keep your old /etc/squirrelmail/config.php file. > > I suppose it will be fixed soon. > > Additionally, some plugins stop working because files have been moved > around. > > I.E. /usr/share/squirrelmail/include/validate.php used to be in > /user/share/squirrelmail/src/validate.php. > > Anybody know why have all these .php files been moved around ? > > -Ted
More importantly, note that you should not be using the 1.2.x debian patch with 1.3.x or 1.4.x. Yes files have moved around. These moves were due to decisions by the devel team to make it more clear how files are used based on their location. There are many other differences between the 1.2.x stream and the 1.3.x/1.4.0 RC packages, including changes in conf.pl. If you are testing 1.4.0 RC1, please do NOT use backlevel patches, as they most likely will not be compatible. Debian provided major modifications to some of the config files to suit their packaging preferences. Their version of conf.pl is not up to date with the version in 1.4.0 RC1 or 1.3.x. I believe XSS patches were applied throughout the SquirrelMail source, so the hole the patch was targetted to fix should already be addressed. Erin (ebullient) -- 'Waste of a good apple.' - Samwise Gamgee ICQ: 38670353 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
