[pkg-horde] [SCM] Debian Horde Packages repository: imp4 package branch, debian-sid, updated. debian/4.3.6+debian0-2-7-g980c1ab
Gregory Colpart
gcolpart at ioakim2.evolix.net
Sat Jul 10 16:02:26 UTC 2010
The following commit has been merged in the debian-sid branch:
commit c6430c1b58edf58152eae6ebc3b2eb55e0bd09ee
Author: Gregory Colpart <gcolpart at ioakim2.evolix.net>
Date: Sat Jul 10 14:36:44 2010 +0200
Backport patch from upstream for CVE-2010-0463
diff --git a/debian/changelog b/debian/changelog
index e27428f..71dd9e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+imp4 (4.3.7+debian0-2) unstable; urgency=medium
+
+ * Backport patches from Horde CVS (http://bugs.horde.org/ticket/8836) to turn
+ off DNS prefetching when displaying untrusted content. See CVE-2010-0463
+ for more information. (Closes: #569661)
+
+ -- Gregory Colpart <reg at debian.org> Sat, 10 Jul 2010 17:07:49 +0200
+
imp4 (4.3.7+debian0-1) unstable; urgency=low
* New upstream release.
diff --git a/message.php b/message.php
index 2af2701..5b474ae 100644
--- a/message.php
+++ b/message.php
@@ -46,6 +46,7 @@ if (!$imp_mailbox->isValidIndex()) {
}
$flagged_unseen = false;
+$dnsnoprefetch = true;
$printer_friendly = false;
/* Set the current time zone. */
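Review bot: The new `$dnsnoprefetch = true;` carries no comment, and nothing in message.php says what reads it. The consumer is templates/common-header.inc, which looks the name up as a global, so the variable name is a cross-file contract that a later cleanup could break without any visible error. I would add a comment above the assignment, for example `/* Untrusted message content is displayed here: have common-header.inc turn off DNS prefetching (CVE-2010-0463). */`. The same applies to the identical assignment in thread.php. The script continues outside this hunk, so I cannot confirm from here that the flag is set before the header template is included.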
diff --git a/templates/common-header.inc b/templates/common-header.inc
index ea37277..49124d3 100644
--- a/templates/common-header.inc
+++ b/templates/common-header.inc
@@ -20,6 +20,11 @@ if ($GLOBALS['browser']->isBrowser('msie') &&
($GLOBALS['browser']->getMajor() == 8)) {
echo '<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />' . "\n";
}
+
+if (Util::nonInputVar('dnsnoprefetch')) {
+ echo '<meta http-equiv="x-dns-prefetch-control" content="off" />' . "\n";
+}
+
echo Util::bufferOutput('require', IMP_TEMPLATES . '/javascript_defs.php');
IMP::includeScriptFiles();
IMP::includeStylesheetFiles(!empty($printer_friendly));
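Review bot: The `if (Util::nonInputVar('dnsnoprefetch'))` guard makes the protection opt-in, so any page that renders untrusted content without setting the flag still leaves prefetching enabled. This commit sets the flag only in message.php and thread.php; other entry points that display message parts are not visible here and should be checked against the same list. Because a missed page fails silently, consider emitting the `x-dns-prefetch-control` tag unconditionally, or inverting the flag so that pages opt out instead. Reading the flag through `Util::nonInputVar()` looks right, presumably so that a request parameter cannot supply the value, but a one-line comment saying so would help the next reader.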
diff --git a/thread.php b/thread.php
index 5cfcf73..cecddd5 100644
--- a/thread.php
+++ b/thread.php
@@ -17,6 +17,8 @@ require_once IMP_BASE . '/lib/Message.php';
require_once IMP_BASE . '/lib/MIME/Contents.php';
require_once IMP_BASE . '/lib/Template.php';
+$dnsnoprefetch = true;
+
/* What mode are we in?
* DEFAULT/'thread' - Thread mode
* 'msgview' - Multiple message view
--
Debian Horde Packages repository: imp4 package