Bug ID 949909
Summary Several bugs in PostfixAdmin 2.3.7
Classification openSUSE
Product openSUSE 13.1
Version Final
Hardware Other
OS openSUSE 13.1
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee bnc-team-screening@forge.provo.novell.com
Reporter suse-beta@cboltz.de
QA Contact qa-bugs@suse.de
Found By Beta-Customer
Blocker --- 

PostfixAdmin 2.3.7 contains several bugs, which are fixed in 2.3.8:
  - don't prefill username in users/ login on failed logins - fixes (probably
    harmless) XSS
  - fix show_gen_status() to properly escape mail addresses in query (#356)
  - fix escaping in create-admin, create-mailbox and fetchmail templates -
    fixes (harmless) XSS on form validation errors
  - don't echo the password back to the browser in the fetchmail form

There's also the usual post-release fix ;-) - this time:
  - enforce $CONF[min_password_length] in create-mailbox

This affects only PostfixAdmin <= 2.3.7 and therefore only openSUSE 13.1.

You are receiving this mail because: