[pkg-horde] [SCM] Debian Horde Packages repository: imp4 package branch, debian-sid, updated. debian/4.3.6+debian0-2-7-g980c1ab

Gregory Colpart gcolpart at ioakim2.evolix.net
Sat Jul 10 16:02:26 UTC 2010


The following commit has been merged in the debian-sid branch:
commit c6430c1b58edf58152eae6ebc3b2eb55e0bd09ee
Author: Gregory Colpart <gcolpart at ioakim2.evolix.net>
Date:   Sat Jul 10 14:36:44 2010 +0200

    Backport patch from upstream for CVE-2010-0463

diff --git a/debian/changelog b/debian/changelog
index e27428f..71dd9e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+imp4 (4.3.7+debian0-2) unstable; urgency=medium
+
+  * Backport patches from Horde CVS (http://bugs.horde.org/ticket/8836) to turn
+    off DNS prefetching when displaying untrusted content. See CVE-2010-0463
+    for more information. (Closes: #569661)
+
+ -- Gregory Colpart <reg at debian.org>  Sat, 10 Jul 2010 17:07:49 +0200
+
 imp4 (4.3.7+debian0-1) unstable; urgency=low
 
   * New upstream release. 
diff --git a/message.php b/message.php
index 2af2701..5b474ae 100644
--- a/message.php
+++ b/message.php
@@ -46,6 +46,7 @@ if (!$imp_mailbox->isValidIndex()) {
 }
 
 $flagged_unseen = false;
+$dnsnoprefetch = true;
 $printer_friendly = false;
 
 /* Set the current time zone. */
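Review bot: The new `$dnsnoprefetch = true;` is a script-level global with no comment, and nothing in message.php itself reads it, so it is easy to remove later as apparently dead code. A one-line comment would record the intent, e.g. `/* Tell common-header.inc to turn off DNS prefetching: this page displays untrusted message content. */`. The same applies to the identical assignment added in thread.php. Because the protection is opt-in per entry script, any other script that renders message bodies or attachments through common-header.inc would also need the flag. Only these two scripts are visible in this commit, so that coverage should be confirmed.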
diff --git a/templates/common-header.inc b/templates/common-header.inc
index ea37277..49124d3 100644
--- a/templates/common-header.inc
+++ b/templates/common-header.inc
@@ -20,6 +20,11 @@ if ($GLOBALS['browser']->isBrowser('msie') &&
     ($GLOBALS['browser']->getMajor() == 8)) {
     echo '<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />' . "\n";
 }
+
+if (Util::nonInputVar('dnsnoprefetch')) {
+    echo '<meta http-equiv="x-dns-prefetch-control" content="off" />' . "\n";
+}
+
 echo Util::bufferOutput('require', IMP_TEMPLATES . '/javascript_defs.php');
 IMP::includeScriptFiles();
 IMP::includeStylesheetFiles(!empty($printer_friendly));
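Review bot: The guard `if (Util::nonInputVar('dnsnoprefetch'))` may fail open. If the helper falls back to its default whenever a GET, POST or cookie value of the same name is present (as I recall the Horde 3 helper doing; confirm against the Util source, which is not shown here), the meta element is omitted for that request even though the entry script set the flag. Since this flag only ever tightens behaviour, a request-supplied value is harmless, and testing the script-set value directly would fail closed: `if (!empty($GLOBALS['dnsnoprefetch'])) {`. A short comment above the block naming CVE-2010-0463 would also explain why the tag is emitted.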
diff --git a/thread.php b/thread.php
index 5cfcf73..cecddd5 100644
--- a/thread.php
+++ b/thread.php
@@ -17,6 +17,8 @@ require_once IMP_BASE . '/lib/Message.php';
 require_once IMP_BASE . '/lib/MIME/Contents.php';
 require_once IMP_BASE . '/lib/Template.php';
 
+$dnsnoprefetch = true;
+
 /* What mode are we in?
  * DEFAULT/'thread' - Thread mode
  * 'msgview' - Multiple message view

-- 
Debian Horde Packages repository: imp4 package


