Mailinglist Archive: opensuse-updates (61 mails)

< Previous Next >
openSUSE-RU-2015:1724-1: moderate: Recommended update for PostfixAdmin
openSUSE Recommended Update: Recommended update for PostfixAdmin
______________________________________________________________________________

Announcement ID: openSUSE-RU-2015:1724-1
Rating: moderate
References: #949909
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

PostfixAdmin was updated to 2.3.8 to deliver bugs fixed upstream.

* don't prefill username in users/ login on failed logins - fixes
(probably harmless) XSS
* properly escape mail addresses in query (#356)
* fix escaping in create-admin, create-mailbox and fetchmail templates
* fixes (harmless) XSS on form validation errors
* don't echo the password back to the browser in the fetchmail form
* enforce minimum password length in create-mailbox


Patch Instructions:

To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-654=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (noarch):

postfixadmin-2.3.8-5.7.1


References:

https://bugzilla.suse.com/949909


< Previous Next >
This Thread
  • No further messages