[pkg-horde] [SCM] Debian Horde Packages repository: imp4 package branch, debian-lenny, updated. 881658ab0a535d11859086d10f91701a6380998c

Gregory Colpart gcolpart at ioakim2.evolix.net
Sat Jul 10 16:02:22 UTC 2010 

The following commit has been merged in the debian-lenny branch:
commit 881658ab0a535d11859086d10f91701a6380998c
Author: Gregory Colpart <gcolpart at ioakim2.evolix.net>
Date:   Sat Jul 10 15:12:32 2010 +0200

    Backport patches from Horde CVS (see #569661 and http://bugs.horde.org/ticket/8836)

diff --git a/debian/changelog b/debian/changelog
index 14c00a7..4202417 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+imp4 (4.2-4lenny2) stable-security; urgency=low
+
+  * Backport patches from Horde CVS (http://bugs.horde.org/ticket/8836) to turn
+    off DNS prefetching when displaying untrusted content. See CVE-2010-0463
+    for more information. (Closes: #569661)
+
+ -- Gregory Colpart <reg at debian.org>  Sat, 10 Jul 2010 15:19:42 +0200
+
 imp4 (4.2-4lenny1) stable-security; urgency=medium
 
   * Backport patches from Horde CVS (http://bugs.horde.org/ticket/7926) to fix
diff --git a/message.php b/message.php
index 91d1d4d..68034e4 100644
--- a/message.php
+++ b/message.php
@@ -46,6 +46,7 @@ if (!$imp_mailbox->isValidIndex()) {
 }
 
 $flagged_unseen = false;
+$dnsnoprefetch = true;
 $printer_friendly = false;
 
 /* Set the current time zone. */
diff --git a/templates/common-header.inc b/templates/common-header.inc
index 39a8f87..a003388 100644
--- a/templates/common-header.inc
+++ b/templates/common-header.inc
@@ -16,6 +16,11 @@ if (!empty($title)) $page_title .= ' :: ' . $title;
 if (!empty($refresh_time) && !empty($refresh_url)) {
     echo "<meta http-equiv=\"refresh\" content=\"$refresh_time;url=$refresh_url\" />\n";
 }
+
+if (Util::nonInputVar('dnsnoprefetch')) {
+    echo '<meta http-equiv="x-dns-prefetch-control" content="off" />' . "\n";
+}
+
 echo Util::bufferOutput('require', IMP_TEMPLATES . '/javascript_defs.php');
 IMP::includeScriptFiles();
 IMP::includeStylesheetFiles(!empty($printer_friendly));
diff --git a/thread.php b/thread.php
index aecabdf..7c0e5e7 100644
--- a/thread.php
+++ b/thread.php
@@ -17,6 +17,8 @@ require_once IMP_BASE . '/lib/Message.php';
 require_once IMP_BASE . '/lib/MIME/Contents.php';
 require_once IMP_BASE . '/lib/Template.php';
 
+$dnsnoprefetch = true;
+
 /* What mode are we in?
  * DEFAULT/'thread' - Thread mode
  * 'msgview' - Multiple message view

-- 
Debian Horde Packages repository: imp4 package

More information about the pkg-horde-hackers mailing list