[Bug 321304] Re: default configuration of squirrelmail-secure-login doesn't work
J. Bruce Fields
bfields at fieldses.org
Mon Jan 26 14:53:28 UTC 2009
That's odd; my unmodified installation of squirrelmail (I ran the config
script just to set the imap configuration), only worked after
change_back_to_http_after_login was cleared. And checking config.php, I
see $only_secure_cookies is set to true.
Ah-hah: looking at the debian changelog:
squirrelmail (2:1.4.15-3) unstable; urgency=high
* Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942)
-- Thijs Kinkhorst <thijs at debian.org> Sun, 28 Sep 2008 16:33:48 +0200
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3663
--
default configuration of squirrelmail-secure-login doesn't work
https://bugs.launchpad.net/bugs/321304
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list