Bug ID | 949909 |
---|---|
Summary | Several bugs in PostfixAdmin 2.3.7 |
Classification | openSUSE |
Product | openSUSE 13.1 |
Version | Final |
Hardware | Other |
OS | openSUSE 13.1 |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Other |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | suse-beta@cboltz.de |
QA Contact | qa-bugs@suse.de |
Found By | Beta-Customer |
Blocker | --- |
PostfixAdmin 2.3.7 contains several bugs, which are fixed in 2.3.8: - don't prefill username in users/ login on failed logins - fixes (probably harmless) XSS - fix show_gen_status() to properly escape mail addresses in query (#356) - fix escaping in create-admin, create-mailbox and fetchmail templates - fixes (harmless) XSS on form validation errors - don't echo the password back to the browser in the fetchmail form There's also the usual post-release fix ;-) - this time: - enforce $CONF[min_password_length] in create-mailbox This affects only PostfixAdmin <= 2.3.7 and therefore only openSUSE 13.1.