Candidate: CVE-2008-3663
PublicDate: 2008-09-24 14:56:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663
Description:
 Squirrelmail 1.4.15 does not set the secure flag for the session cookie in
 an https session, which can cause the cookie to be sent in http requests
 and make it easier for remote attackers to capture this cookie.
Ubuntu-Description:
Notes:
 jdstrand> be sure not to introduce CVE-2009-0030 when fixing this
Bugs:
 https://bugs.launchpad.net/bugs/328938
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_squirrelmail:
upstream_squirrelmail: released (2:1.4.15-3)
dapper_squirrelmail: released (2:1.4.6-1ubuntu0.2)
feisty_squirrelmail: needed (reached end-of-life)
gutsy_squirrelmail: released (2:1.4.10a-2ubuntu0.1)
hardy_squirrelmail: released (2:1.4.13-2ubuntu1.2)
intrepid_squirrelmail: not-affected (2:1.4.15-3)
devel_squirrelmail: not-affected