Request 337958: Incident postfixadmin.openSUSE_13.1 - openSUSE Build Service

This request supersedes: request 337063 (Show diff)

Overview

Request 337958 accepted

update to PostfixAdmin 2.3.8 (boo#949909)

Changes that were not included in the package yet:
- don't prefill username in users/ login on failed logins - fixes (probably
harmless) XSS
- fix show_gen_status() to properly escape mail addresses in query (#356)
- fix escaping in create-admin, create-mailbox and fetchmail templates -
fixes (harmless) XSS on form validation errors
- don't echo the password back to the browser in the fetchmail form
- enforce $CONF[min_password_length] in create-mailbox

Created by cboltz over 8 years ago
In state accepted
Supersedes 337063

Incident postfixadmin.openSUSE_13.1

Comments for request 337958 0

Login required, please login in order to comment

Request History

cboltz created request over 8 years ago

update to PostfixAdmin 2.3.8 (boo#949909)

Changes that were not included in the package yet:
- don't prefill username in users/ login on failed logins - fixes (probably
harmless) XSS
- fix show_gen_status() to properly escape mail addresses in query (#356)
- fix escaping in create-admin, create-mailbox and fetchmail templates -
fixes (harmless) XSS on form validation errors
- don't echo the password back to the browser in the fetchmail form
- enforce $CONF[min_password_length] in create-mailbox

maintbot accepted review over 8 years ago

accepted

maintbot approved review over 8 years ago

accepted

AndreasStieger accepted request over 8 years ago

starting update

openSUSE Build Service is sponsored by