Candidate: CVE-2009-2964
PublicDate: 2009-08-25 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964
Description:
 Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail
 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to
 hijack the authentication of unspecified victims via features such as send
 message and change preferences, related to (1)
 functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3)
 src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6)
 src/folders_create.php, (7) src/folders_delete.php, (8)
 src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10)
 src/folders_subscribe.php, (11) src/move_messages.php, (12)
 src/options.php, (13) src/options_highlight.php, (14)
 src/options_identities.php, (15) src/options_order.php, (16)
 src/search.php, and (17) src/vcard.php.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/squirrelmail/+bug/446838
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_squirrelmail:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/squirrelmail/+bug/446838
upstream_squirrelmail: released (2:1.4.20~rc2-1)
dapper_squirrelmail: ignored (reached end-of-life)
hardy_squirrelmail: released (2:1.4.13-2ubuntu1.5)
intrepid_squirrelmail: released ( 2:1.4.15-3ubuntu0.4)
jaunty_squirrelmail: released (2:1.4.15-4ubuntu0.3)
karmic_squirrelmail: released (2:1.4.19-1ubuntu0.1)
devel_squirrelmail: not-affected (2:1.4.20~rc2-1)