Mailinglist Archive: opensuse-bugs (14787 mails)
| < Previous | Next > |
[Bug 217308] New: variuos squirellmail minor problems
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Thu, 2 Nov 2006 03:53:03 -0700 (MST)
- Message-id: <bug-217308-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=217308
Summary: variuos squirellmail minor problems
Product: openSUSE 10.2
Version: Beta 1 plus
Platform: Other
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Other
AssignedTo: mjancar@xxxxxxxxxx
ReportedBy: judas_iscariote@xxxxxxxxxxxxx
QAContact: qa@xxxxxxx
sometime ago while debugging a very nasty PHP bug [1] I found a few issues in
squirelmail.
- Discovered issue [2] that can produce a misbehaviuor that is patched in [3]
- As a part of the security hardening of PHP and related tools we started a
while ago, I suggest to use apache squirellmail.conf to make sure we have the
correct PHP settings always, and use the open_basedir php security feature,
this can reduce the impact of future/unknown vulns in the software
**** paste a the top`of the file ***
<Directory "/srv/www/htdocs/squirrelmail">
php_admin_flag register_globals Off
php_admin_flag magic_quotes_gpc Off
php_admin_flag allow_url_include Off
php_admin_flag allow_url_fopen Off
php_admin_flag session.use_only_cookies On
php_admin_flag session.cookie_httponly On
php_admin_value open_basedir
"/srv/www/htdocs/squirrelmail:/var/lib/squirrelmail:/usr/share/php5/PEAR:/tmp"
</Directory>
***** EOF ***
1. http://bugs.php.net/bug.php?id=38525
2.
http://sourceforge.net/tracker/index.php?func=detail&aid=1543573&group_id=311&atid=100311
3.
http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/imap_messages.php?r1=1.134.2.29&r2=1.134.2.30&pathrev=SM-1_4-STABLE
HTH.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Summary: variuos squirellmail minor problems
Product: openSUSE 10.2
Version: Beta 1 plus
Platform: Other
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Other
AssignedTo: mjancar@xxxxxxxxxx
ReportedBy: judas_iscariote@xxxxxxxxxxxxx
QAContact: qa@xxxxxxx
sometime ago while debugging a very nasty PHP bug [1] I found a few issues in
squirelmail.
- Discovered issue [2] that can produce a misbehaviuor that is patched in [3]
- As a part of the security hardening of PHP and related tools we started a
while ago, I suggest to use apache squirellmail.conf to make sure we have the
correct PHP settings always, and use the open_basedir php security feature,
this can reduce the impact of future/unknown vulns in the software
**** paste a the top`of the file ***
<Directory "/srv/www/htdocs/squirrelmail">
php_admin_flag register_globals Off
php_admin_flag magic_quotes_gpc Off
php_admin_flag allow_url_include Off
php_admin_flag allow_url_fopen Off
php_admin_flag session.use_only_cookies On
php_admin_flag session.cookie_httponly On
php_admin_value open_basedir
"/srv/www/htdocs/squirrelmail:/var/lib/squirrelmail:/usr/share/php5/PEAR:/tmp"
</Directory>
***** EOF ***
1. http://bugs.php.net/bug.php?id=38525
2.
http://sourceforge.net/tracker/index.php?func=detail&aid=1543573&group_id=311&atid=100311
3.
http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/imap_messages.php?r1=1.134.2.29&r2=1.134.2.30&pathrev=SM-1_4-STABLE
HTH.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
| < Previous | Next > |