Debian Bug report logs - #325631
XSS vulnerability


Package: sqwebmail; Maintainer for sqwebmail is Stefan Hornburg (Racke) <racke@linuxia.de>; Source for sqwebmail is src:courier.

Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Mon, 29 Aug 2005 21:48:02 UTC

Severity: normal

Tags: patch, sarge, security

Found in versions sqwebmail/0.47-4, sqwebmail/0.47-7

Fixed in version courier/0.47-8

Done: Stefan Hornburg (Racke) <racke@linuxia.de>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>:
Bug#325631; Package sqwebmail.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.

Message #5 received at submit@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: submit@bugs.debian.org
Subject: XSS vulnerability
Date: Mon, 29 Aug 2005 23:35:14 +0200
Package: sqwebmail
Version: 0.47-4
Tags: security sarge

Secunia has reported a cross-site scripting vulnerability:

<http://secunia.com/advisories/16600/>

According to them, the bug is also present in the 4.x/0.4x versions.

The vendor has confirmed this for the 5.x versions:

<http://cvs.sourceforge.net/viewcvs.py/*checkout*/courier/courier/webmail/ChangeLog?content-type=text/plain&rev=sqwebmail-latest>



Tags added: Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org.

Bug marked as found in version 0.47-7. Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>:
Bug#325631; Package sqwebmail.

Acknowledgement sent to Stefan Hornburg <racke@linuxia.de>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.

Message #14 received at 325631@bugs.debian.org:

From: Stefan Hornburg <racke@linuxia.de>
To: Florian Weimer <fw@deneb.enyo.de>, 325631@bugs.debian.org
Cc: racke@linuxia.de
Subject: Re: Bug#325631: XSS vulnerability
Date: Tue, 30 Aug 2005 11:53:01 +0200
On Mon, 29 Aug 2005 23:35:14 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:

> Package: sqwebmail
> Version: 0.47-4
> Tags: security sarge
> 
> Secunia has reported a cross-site scripting vulnerability:
> 
> <http://secunia.com/advisories/16600/>
> 
> According to them, the bug is also present in the 4.x/0.4x versions.
> 
> The vendor has confirmed this for the 5.x versions:
> 
> <http://cvs.sourceforge.net/viewcvs.py/*checkout*/courier/courier/webmail/ChangeLog?content-type=text/plain&rev=sqwebmail-latest>
> 

Tested patch for the version in sarge is attached.

Bye
	Racke


-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team

[CAN-2005-2724.patch (application/octet-stream, attachment)]

Tags added: patch. Request was from Stefan Hornburg <racke@linuxia.de> to control@bugs.debian.org.

Tags added: pending. Request was from Stefan Hornburg <racke@linuxia.de> to control@bugs.debian.org.

Reply sent to Stefan Hornburg (Racke) <racke@linuxia.de>:
You have taken responsibility.

Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer.

Message #23 received at 325631-close@bugs.debian.org:

From: Stefan Hornburg (Racke) <racke@linuxia.de>
To: 325631-close@bugs.debian.org
Subject: Bug#325631: fixed in courier 0.47-8
Date: Tue, 30 Aug 2005 05:02:12 -0700
Source: courier
Source-Version: 0.47-8

We believe that the bug you reported is fixed in the latest version of
courier, which is due to be installed in the Debian FTP archive:

courier-authdaemon_0.47-8_i386.deb
  to pool/main/c/courier/courier-authdaemon_0.47-8_i386.deb
courier-authmysql_0.47-8_i386.deb
  to pool/main/c/courier/courier-authmysql_0.47-8_i386.deb
courier-authpostgresql_0.47-8_i386.deb
  to pool/main/c/courier/courier-authpostgresql_0.47-8_i386.deb
courier-base_0.47-8_i386.deb
  to pool/main/c/courier/courier-base_0.47-8_i386.deb
courier-doc_0.47-8_all.deb
  to pool/main/c/courier/courier-doc_0.47-8_all.deb
courier-faxmail_0.47-8_i386.deb
  to pool/main/c/courier/courier-faxmail_0.47-8_i386.deb
courier-imap-ssl_3.0.8-8_i386.deb
  to pool/main/c/courier/courier-imap-ssl_3.0.8-8_i386.deb
courier-imap_3.0.8-8_i386.deb
  to pool/main/c/courier/courier-imap_3.0.8-8_i386.deb
courier-ldap_0.47-8_i386.deb
  to pool/main/c/courier/courier-ldap_0.47-8_i386.deb
courier-maildrop_0.47-8_i386.deb
  to pool/main/c/courier/courier-maildrop_0.47-8_i386.deb
courier-mlm_0.47-8_i386.deb
  to pool/main/c/courier/courier-mlm_0.47-8_i386.deb
courier-mta-ssl_0.47-8_i386.deb
  to pool/main/c/courier/courier-mta-ssl_0.47-8_i386.deb
courier-mta_0.47-8_i386.deb
  to pool/main/c/courier/courier-mta_0.47-8_i386.deb
courier-pcp_0.47-8_i386.deb
  to pool/main/c/courier/courier-pcp_0.47-8_i386.deb
courier-pop-ssl_0.47-8_i386.deb
  to pool/main/c/courier/courier-pop-ssl_0.47-8_i386.deb
courier-pop_0.47-8_i386.deb
  to pool/main/c/courier/courier-pop_0.47-8_i386.deb
courier-ssl_0.47-8_i386.deb
  to pool/main/c/courier/courier-ssl_0.47-8_i386.deb
courier-webadmin_0.47-8_i386.deb
  to pool/main/c/courier/courier-webadmin_0.47-8_i386.deb
courier_0.47-8.diff.gz
  to pool/main/c/courier/courier_0.47-8.diff.gz
courier_0.47-8.dsc
  to pool/main/c/courier/courier_0.47-8.dsc
sqwebmail_0.47-8_i386.deb
  to pool/main/c/courier/sqwebmail_0.47-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 325631@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <racke@linuxia.de> (supplier of updated courier package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 30 Aug 2005 10:21:58 +0200
Source: courier
Binary: courier-authpostgresql courier-ldap courier-faxmail courier-pcp courier-authmysql courier-imap courier-authdaemon courier-base sqwebmail courier-ssl courier-pop courier-mta courier-webadmin courier-imap-ssl courier-doc courier-mlm courier-maildrop courier-mta-ssl courier-pop-ssl
Architecture: source i386 all
Version: 0.47-8
Distribution: unstable
Urgency: high
Maintainer: Stefan Hornburg (Racke) <racke@linuxia.de>
Changed-By: Stefan Hornburg (Racke) <racke@linuxia.de>
Description: 
 courier-authdaemon - Courier Mail Server - Authentication daemon
 courier-authmysql - Courier Mail Server - MySQL authentication
 courier-authpostgresql - Courier Mail Server - PostgreSQL Authentication
 courier-base - Courier Mail Server - Base system
 courier-doc - Courier Mail Server - Additional documentation
 courier-faxmail - Courier Mail Server - Faxmail gateway
 courier-imap - Courier Mail Server - IMAP server
 courier-imap-ssl - Courier Mail Server - IMAP over SSL
 courier-ldap - Courier Mail Server - LDAP support
 courier-maildrop - Courier Mail Server - Mail delivery agent
 courier-mlm - Courier Mail Server - Mailing list manager
 courier-mta - Courier Mail Server - ESMTP daemon
 courier-mta-ssl - Courier Mail Server - ESMTP over SSL
 courier-pcp - Courier Mail Server - PCP server
 courier-pop - Courier Mail Server - POP3 server
 courier-pop-ssl - Courier Mail Server - POP3 over SSL
 courier-ssl - Courier Mail Server - SSL/TLS Support
 courier-webadmin - Courier Mail Server - Web-based administration frontend
 sqwebmail  - Courier Mail Server - Webmail server
Closes: 325631
Changes: 
 courier (0.47-8) unstable; urgency=high
 .
   * backported fixes to prevent cross-site scripting vulnerabilities with
     some browsers in sqwebmail [CAN-2005-2724] (Closes: #325631, thanks to
     Florian Weimer <fw@deneb.enyo.de> for the report)
Files: 
 faa0a5e69fe5faed6027cdfcbbf3e921 1204 mail optional courier_0.47-8.dsc
 e41f10806b862b5dfe02574a3c39faf5 95833 mail optional courier_0.47-8.diff.gz
 10f9345dcaa6763236036c738079ad95 370536 doc optional courier-doc_0.47-8_all.deb
 d2d7e94bc41dc92005aaf6eb76b027ce 233294 mail optional courier-base_0.47-8_i386.deb
 ccd6f28901f87609b14f8bf11acb17af 931390 mail optional courier-maildrop_0.47-8_i386.deb
 9fc03bcc67d8e9463f33e5b0bf58353c 109340 mail optional courier-mlm_0.47-8_i386.deb
 7e916f5ac2c0642cecc8ae9c6f1555d9 2077630 mail extra courier-mta_0.47-8_i386.deb
 1fc3de1b5d7e4fff5d35b4f9afe7e981 28862 mail optional courier-faxmail_0.47-8_i386.deb
 d862d273ef168c358a35cf3056583e29 34808 mail optional courier-webadmin_0.47-8_i386.deb
 be576bbc90d13e5332434e19be81dfef 779386 mail optional sqwebmail_0.47-8_i386.deb
 4790dc97f9d5b06f109245caa15af0ff 60702 mail optional courier-pcp_0.47-8_i386.deb
 1fb34a19a8e6a146eac58c271ea4a1ca 417252 mail extra courier-pop_0.47-8_i386.deb
 ccfa8b41fecde0ecb6c5faa714c8d5a7 66654 mail optional courier-ldap_0.47-8_i386.deb
 35ea35c2b938aaf97569c38c74ec1dc7 55568 mail optional courier-authdaemon_0.47-8_i386.deb
 faeb3b2e2a5c4b4e5b51745c85163ef3 51838 mail optional courier-authmysql_0.47-8_i386.deb
 9cb79bf3694cf0218b73da97ef3a0304 192010 mail optional courier-ssl_0.47-8_i386.deb
 e16d7fa9ee73391d2f31f0138b783d51 19306 mail extra courier-mta-ssl_0.47-8_i386.deb
 c45af21a476dc596644254302d5f3a73 20946 mail optional courier-pop-ssl_0.47-8_i386.deb
 ca2e65289615e94d01a3c29c10ed3e89 51922 mail optional courier-authpostgresql_0.47-8_i386.deb
 22013669daa775af08a1114501c86b29 938826 mail extra courier-imap_3.0.8-8_i386.deb
 7a026b015cae4acf51f1919354ddf360 21144 mail extra courier-imap-ssl_3.0.8-8_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFEfUjgVfE5tya3ERAu0XAKDfGM32Uoxx/KsIXobqeWQ4MmX04ACeM7QZ
SNJuAV4gruiL+EI+A+HpSEg=
=x4SZ
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 02:38:21 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:08:22 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.