Bug 200073
| Field | Value |
|---|---|
| Summary | Squirrelmail 1.4.7 fixes several issues |
| Product | [Retired] Fedora Legacy |
| Component | squirrelmail |
| Reporter | Nils Breunese <nils> |
| Assignee | Fedora Legacy Bugs <bugs> |
| Status | CLOSED WONTFIX |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | mattdm, wtogami |
| Hardware | noarch |
| OS | Linux |
| URL | http://www.squirrelmail.org/changelog.php |
| Doc Type | Bug Fix |
| Last Closed | 2007-08-30 20:07:25 UTC |

Description
Nils Breunese
2006-07-25 10:56:22 UTC
*** Bug 200074 has been marked as a duplicate of this bug. ***

-> Legacy. Thanks!

I reported this against FC2, but since it's a noarch package it probably affects all releases. I didn't know how to set this though, sorry.

Since FC1 and FC2 will be EOL tomorrow, we can't expect any updated packages for those releases?

Pretty unlikely, yeah. Although perhaps anything reported before the EOL date oughta get an update; I don't think the policy is clear on that. Anyway, I'm going to move this to "unspecified" given comment #3.

1.4.8 was released today:

"The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.8. This release contains an important security fix where a logged-in user could overwrite variables, and a collection of regular bugfixes. Details on all the changes in this release can be found in the ChangeLog. There's also two patches available against the 1.4.7 release for just the security issue: a minimal one (http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-minimal.patch) removes the function, because it was broken anyway, or more extended one (http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch) which fixes the functionality and closes the hole."

Version 1.4.8 - CVS
-------------------
- Fixed URL for Read Receipts being incorrect in some cases (#1177518).
- Fixed endless loop when trying to parse "From: )(" (#1517867).
- Using is_file() instead of file_exists() in fortune plugin (#1499134).
- Add manual page for conf.pl under contrib.
- Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
- Fixed spamcop web based reporting form (#1519673).
- Session cookies are turned on, if session.use_cookies is turned off in PHP configuration (#1518885).
- Cleaned whitespace in output buffer when plugins are loaded (#1291209).
- Removed conf.pl dependency on Perl IO::Socket module. Automatic detection of supported authentication mechanisms is disabled, if IO::Socket is not available.
- Make the base for the SquirrelMail URL configurable. Adds a new variable config_base_location to config.php and a new option to conf.pl. This is to prevent problems in installs where our heuristic doesn't work correctly (#1521299, #1460675, #1110064, #1000850, #1113791).
- Fixed mailbox and header sanitizing in src/search.php.
- Handle IMAP copy errors in filters plugin. Added $handle_errors option and boolean return in sqimap_messages_copy() function (#1520437).
- Improved register_globals=on handling code in order to prevent possible variable corruption.
- Fixed use of $version in config.php file (#1527870).
- Fixed IMAP folder creation in euc-kr, big5 and gb2312 translations (#1005353).
- Configuration utility does not allow 8bit symbols in IMAP folder names (#1485501).
- Removed HTTP Status header from signout page (#1424748).
- Added command execution status check in SendMail delivery class (#1374174).
- Added $sendmail_args configuration option (#1365779).
- Fixed resuming of compose when session expired while writing, and make sure the code only sets those variables that are needed in compose and are not already set. Thanks James Bercegay from GulfTech for pointing this out.
- Fixed subscription of new 'noselect' folders (#1315912).
- Moving the development documentation to the documentation module.
- Drop dead code in validate.php once used for some old obscure bug.

My plan is to push rawhide's 1.4.8, which contains a large number of language specific fixes to both RHEL3 and RHEL4 eventually. I am pushing it to FC5 updates soon. I know the version upgrade violates Legacy rules, but Legacy may want to consider an exception for the sake of time and labor limitations, and the fact that this package will be used pretty much everywhere. Of course wait a while for it to be tested and verified first.

Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.