squirrelmail (2:1.4.23~svn20120406-2+deb7u2) wheezy-security; urgency=high

  * Path traversal vulnerability (CVE-2018-8741)
    Directory traversal flaw in Deliver.class.php can allow a remote
    attacker to retrieve or delete arbitrary files. (Closes: #893202)

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 11 Apr 2018 13:24:23 +0200

squirrelmail (2:1.4.23~svn20120406-2+deb7u1) wheezy-security; urgency=high

  [ Markus Koschany ]
  * Non-maintainer upload by the LTS Security Team.

  [ Antoine Beaupré ]
  * Fix CVE-2017-7692: post-authentication remote code execution via a
    sendmail.cf file

 -- Markus Koschany <apo@debian.org>  Mon, 15 May 2017 10:27:59 +0200

squirrelmail (2:1.4.23~svn20120406-2) unstable; urgency=medium

  * Add patch from upstream to cope with changed behaviour of
    htmlspecialchars() in PHP 5.4 (closes: #664895).
  * Add patch from upstream to cope with removal of
    session_unregister() in PHP 5.4.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 20 Dec 2012 20:41:02 +0100

squirrelmail (2:1.4.23~svn20120406-1) unstable; urgency=medium

  * New upstream snapshot release.
    - Addresses PHP 5.4 compatibility issues (closes: #664895).
    - Fixes PHP warning (closes: #641869).
    - Fixes hide_auth_header (closes: #661394).

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 06 Apr 2012 13:18:54 +0200

squirrelmail (2:1.4.22-1) unstable; urgency=medium

  * New upstream release, fixes several security issues
    (CVE-2011-2023, CVE-2010-4554, CVE-2010-4555,
     CVE-2011-2752, CVE-2011-2753 closes: #593345, #634822).
  * Move to dpkg source format 3.0, separate out Debian patches.
    Small packaging cleanups.

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 24 Jul 2011 14:40:01 +0000

squirrelmail (2:1.4.21-1) unstable; urgency=medium

  * New upstream release.
    + Addresses two low-imact security issues, bump urgency.
      [CVE-2010-1637, CVE-2010-2813]
  * Checked for policy 3.9.1, no changes necessary.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 31 Jul 2010 13:54:45 +0200

squirrelmail (2:1.4.20-1) unstable; urgency=low

  * New upstream release.
    + Addresses search bug (closes: #550763).
  * Update to policy 3.8.4, no changes necessary.

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 07 Mar 2010 16:26:58 +0100

squirrelmail (2:1.4.20~rc2-1) unstable; urgency=medium

  * New upstream release candidate.
    + Addresses cross site request forgery (CVE-2009-2964,
      closes: #543818).
  * Update to policy 3.8.3, no changes necessary.

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 27 Sep 2009 16:46:03 +0200

squirrelmail (2:1.4.19-1) unstable; urgency=high

  * New upstream release.
    + Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
    + Fixes filter plugin regression (closes: #529328)

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 21 May 2009 20:16:48 +0200

squirrelmail (2:1.4.18-1) unstable; urgency=high

  * New upstream release.
    + Addresses several security issues (closes: #528528):
      CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
  * Update to debhelper 7 and policy 3.8.1.
  * Make squirrelmail.cron.daily cope with the administrator
    enabling the hashed dir feature, thanks Marcello Nuccio
    (closes: #508287).
  * Update Recommends and Suggests:
    + Remove all php4-related relations.
    + Add recommends for php5-mcode which speeds up crypto.
    + Suggest php5-recode for some character sets.
    + Recommend plugins: squirrelmail-viewashtml for HTML mail,
      squirrelmail-logger to provide logging.
    (closes: #523966, #527964)

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 13 May 2009 19:42:57 +0200

squirrelmail (2:1.4.15-4) unstable; urgency=high

  * Address cross site scripting issue in the HTML filter
    (CVE-2008-2379).

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 07 Dec 2008 16:18:03 +0100

squirrelmail (2:1.4.15-3) unstable; urgency=high

  * Cookies sent over HTTPS will now be confined to HTTPS only
    (cookie secure flag) and more support for the HTTPOnly cookie
    attribute. Patch taken from upstream release.
    (CVE-2008-3663, closes: #499942)

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 28 Sep 2008 16:33:48 +0200

squirrelmail (2:1.4.15-2) unstable; urgency=low

  * Update fortune location to Debian's default, thanks
    Richard Nelson, closes: #484835.
  * Conforms to Debian policy 3.8.0, no changes required.

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 13 Jul 2008 15:31:17 +0200

squirrelmail (2:1.4.15-1) unstable; urgency=low

  * New upstream bugfix release.
  * Remove Sam Johnston from Uploaders.
  * Update README.locales to be more verbose about which locales
    need to be enabled on the system, thanks Daniel Hahler.
    (closes: #473861)
  * Do not install index.html under /usr/share/doc, it doesn't add
    much value but requires Debian-specific patching which still
    doesn't work well with gzipped files (closes: #457524).

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 24 May 2008 09:53:35 +0200

squirrelmail (2:1.4.13-2) unstable; urgency=low

  * Apply Debian-specific changes that somehow got lost in the
    previous upload (Closes: #457597, #457524).

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 23 Dec 2007 22:36:27 +0100

squirrelmail (2:1.4.13-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 15 Dec 2007 13:57:31 +0100

squirrelmail (2:1.4.12-1) unstable; urgency=low

  * New upstream release.
  * Minor packaging cleanups.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 06 Dec 2007 17:27:56 +0100

squirrelmail (2:1.4.11-2) unstable; urgency=low

  * Fix broken attachment handling in PHP4 by applying patch
    from upstream.
    NOTE: this is only a courtesy to PHP4 users, it must be noted
    that Debian does not support PHP4 in current unstable anymore.
    (Closes: #444970)

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 10 Oct 2007 09:56:53 +0200

squirrelmail (2:1.4.11-1) unstable; urgency=low

  * New upstream release. 
  * Remove workaround for buglet in dictionaries-common SquirrelMail interface.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 29 Sep 2007 10:41:21 +0200

squirrelmail (2:1.4.10a-2) unstable; urgency=low

  * Make use of new dictionaries-common SquirrelMail interface to
    detect the installed squirrelspell dictionaries (Closes: #420877).
  * Remove obsolete upgrading code.
  * Make sure config files are not closed with '?>' since it's then
    too easy to get stray whitespace at the end of the file.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 31 May 2007 19:34:29 +0200

squirrelmail (2:1.4.10a-1) unstable; urgency=high

  * New upstream security release.
    - Fixes cross site scripting in the HTML filter
      [CVE-2007-1262, CVE-2007-2589].
    - Tweaks SMTP error message display (Closes: #403705).
    - Fixes address duplication on reply-all (Closes: #408242).

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 10 May 2007 12:04:48 +0200

squirrelmail (2:1.4.9a-1) unstable; urgency=high

  * New upstream security release.
    - Additionally tightens HTML filter for IE <= 5 parsing
      absolutely everything and its horse.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon,  4 Dec 2006 09:18:09 +0100

squirrelmail (2:1.4.9-1) unstable; urgency=high

  * New upstream bugfix release.
    - Includes cross site scripting security fix [CVE-2006-6142].
    - Includes Internet Explorer security issue workaround.
    - Fixes misspelled constant (Closes: #401022)

 -- Thijs Kinkhorst <thijs@debian.org>  Sat,  2 Dec 2006 17:35:43 +0100

squirrelmail (2:1.4.8-3) unstable; urgency=low

  * Add note to README.Debian about server side sorting (Closes: #394286)
    and regular_globals not being supported.
  * Add IfModule conditionals for register_globals setting in
    apache.conf (Closes: #398173).

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 13 Nov 2006 16:29:33 +0100

squirrelmail (2:1.4.8-2) unstable; urgency=low

  * Update Debian patch to display options to cope with the custom
    charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
  * Suggest php[45]-ldap, Closes: #392306.
  * Improve package description.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 20 Oct 2006 16:36:36 +0200

squirrelmail (2:1.4.8-1) unstable; urgency=high

  * New upstream release
    - Includes security fix: variable overwriting in compose.php
      by logged-in user [CVE-2006-4019]
    - Does not ship SquirrelMail developer's documentation anymore.

  * Remove duplicate content from README.locales.
   

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 11 Aug 2006 13:53:20 +0200

squirrelmail (2:1.4.7-1) unstable; urgency=low

  * New upstream bugfix release.
    + Addresses some low-impact, theoretical or disputed security bugs,
      for which the code is tightened just-in-case:
      - Possible local file inclusion (Closes: #373731, CVE-2006-2842)
      - XSS in search.php (Closes: #375782, CVE-2006-3174)
    + Adds note to db-backend.txt about postgreSQL (Closes: #376605).

  * Checked for standards version to 3.7.2, no changes necessary.
  * Update maintainer address.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue,  4 Jul 2006 14:49:23 +0200

squirrelmail (2:1.4.6-1) unstable; urgency=high

  * New upstream release.
  * Includes the following security fixes:
    - Fix IMAP command injection in sqimap_mailbox_select
      with upstream patch. [CVE-2006-0377] (Closes: #354063)
    - Fix possible XSS in MagicHTML, concerning the parsing
      of u\rl and comments in styles. Internet Explorer
      specific. [CVE-2006-0195] (Closes: #354062)
    - Fix possible cross site scripting through the right_main
      parameter of webmail.php. This now uses a whitelist of
      acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)


 -- Thijs Kinkhorst <kink@squirrelmail.org>  Tue,  7 Mar 2006 14:56:06 +0100

squirrelmail (2:1.4.5+1.4.6rc1-1) experimental; urgency=low

  * Experimental package
  * New upstream version: 1.4.6 Release Candidate 1
    Many bugfixes, amongst which the following Debian bugs:
    + Works with newest PHP versions (Closes: #321565, #338649).
    + Fixes line wrapping for unicode characters (Closes: #330372).
    + Add support for limiting the length of the From address display
      (Closes: #279682).
  * Add Depends alternatives for PHP5.
  * Add Suggests for squirrelmail-decode, the library with charset decoding
    functions for complex and rare character sets.
  * Upgrade debhelper compatibility to the recommended level 5.
  * Add Homepage to package description.
  * Move package building from the binary-arch to the binary-indep target
    in debian/rules.

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Sat, 10 Dec 2005 18:13:43 +0100

squirrelmail (2:1.4.5-2) unstable; urgency=low

  [ Jeroen van Wolffelaar ]
  * Restore squirrelmail-configure manpage, accidently dropped in -1
  * Use debhelper compat level 4

  [ Thijs Kinkhorst ]
  * Drop obsolete symlink for attachment dir.
  * Do not ship upstream README, which contains hardly any information
    relevant to Debian. Extend README.Debian a bit. Thanks W. Borgert.
  * Add years to copyright statement.

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Mon, 15 Aug 2005 21:06:00 +0200

squirrelmail (2:1.4.5-1) unstable; urgency=low

  * New upstream release. (Closes: #319531)
    Many bugfixes, including the following Debian bugs:
    + Allows to use squirrelspell with PHP safe_mode (Closes: #220156).
    + Has multiple alternatives for locale names (Closes: #269790).
    + Option to set citation marker (Closes: #274595).
  * Dropped a lot of patches incorporated upstream
  * Add debian/watch file.
  * If default_pref file does not exist under var, do not attempt to move it
    to /etc (Closes: #309628).
  * Fix squirrelspell to read UTF8-encoded dictionary names correctly.
    (Closes: #311338)
  * Change Depends on squirrelmail-locales into Recommends; the depends
    was created to ease woody -> sarge upgrades, now a recommendation is
    sufficient (Closes: #319382).
  * Update Standards-Version to 3.6.2, no changes necessary.
  * Clean up rusty packaging.
  * Add depends-alternative for libapache-mod-php4, to prevent installs that
    have apache1 and libapache-mod-php4 but not the php4 meta package from
    dragging in apache2 (Closes: #320993).

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Wed,  3 Aug 2005 20:00:16 +0200

squirrelmail (2:1.4.4-6sarge1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Corrected the patch based on upstream input
    [src/options_identities.php, CAN-2005-2095]

 -- Martin Schulze <joey@gluck.debian.org>  Mon, 11 Jul 2005 15:21:59 +0000

squirrelmail (2:1.4.4-6) stable-security; urgency=high

  * Security fix, hence high urgency.
  * Apply patch provided by upstream to fix several cross site scripting
    flaws [CAN-2005-1769] (Closes: #314374)
  * Work around arbitrary variable injection via extract() [CAN-2005-2095]
    (Closes: #317094)

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Sat, 09 Jul 2005 11:57:20 +0200

squirrelmail (2:1.4.4-5) unstable; urgency=low

  * Add Suggests for imapproxy.
  * Update README.Debian with documentation about the Recommends and
    Suggests of this package.
  * Add advice about setting default options for your specific IMAP server.
  * Move fix for reloading signout.php from there to auth.php, because it
    broke plug-ins. Patch from upstream CVS. (Closes: #304422)
  * Correct spelling errors in Debian documentation.
  * Change "no JavaScript" to "no JavaScript required" in the package
    description because JavaScript can be used if available but is not
    depended on.

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Sat,  9 Apr 2005 13:35:19 +0200

squirrelmail (2:1.4.4-4) unstable; urgency=low

  * Make use of dictionaries-common (when available) to auto-detect
    spell checker settings (Closes: #283948)
  * Change default recommended spell checker to ispell.

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Sat, 26 Mar 2005 15:28:48 +0100

squirrelmail (2:1.4.4-3) unstable; urgency=low

  * Move default_pref config file from /var to /etc, as per Debian policy
    (Closes: #293281)
  * [JvW] (finally) override two lintian warnings about nonstandard
    permissions that are intentional (Closes: #293366)

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Sun,  6 Feb 2005 21:41:51 +0100

squirrelmail (2:1.4.4-2) unstable; urgency=low

  * Fix configtest.php to accept a non-readable data_dir, which is the
    default Debian configuration
  * [JvW] Depend on squirrelmail-locales, to ease upgrades woody->sarge
    (Closes: #292490)
  * Extend README.locales with information about the squirrelmail-locales
    package and add hint that a restart of Apache might be needed
  * Limit access to configtest.php to just localhost, to prevent
    information leakage (Closes: #293133)

 -- Thijs Kinkhorst <kink@squirrelmail.org>  Tue,  1 Feb 2005 14:26:41 +0100

squirrelmail (2:1.4.4-1) unstable; urgency=high

  * New upstream version: 1.4.4
    + Security: Added hook for Preferences Backend to resolve potential
      local file inclusion resulting in arbitrary code execution, warranting
      high urgency [CAN-2005-0075]
    + Security: Fix potential file inclusion issues in src/webmail.php.
      [CAN-2005-0103]
    + Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104]
  * Thijs Kinkhorst: Add missing docs to squirrelmail.docs file (Closes:
    #289088)

  Thanks a lot to Thijs Kinkhorst who worked hard to get 1.4.4 released, and
  helped tremendously with the packaging for Debian

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Sat, 22 Jan 2005 23:33:16 +0100

squirrelmail (2:1.4.3a+1.4.4rc1-0exp1) experimental; urgency=low

  * Experimental package
  * New upstream version: 1.4.4 Release Candidate 1
    + Fixes broken theme select box (Closes: #286374)
    + Fixes wrong German translation (Closes: #282829)
    + Fixes broken Unicode encoding (Closes: #270626)
    + Fixes signout error when timed out (Closes: #275941)
    + Removed several backported patches that are in 1.4.4 now
  * Locales are not in the squirrelmail package anymore, but a separate
    package, start to recommend it (squirrelmail-locales)

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Mon,  3 Jan 2005 00:28:32 +0100

squirrelmail (2:1.4.3a-3) unstable; urgency=high

  * Fix security issue: a remote attacker can compromise an account by
    sending a specially-crafted email containing JavaScript in a RFC2047
    encoded header [CAN-2004-1036] (Closes: #280591)
  * Fix spelling mistake in the name of Thijs Kinkhorst in Uploaders

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Tue, 16 Nov 2004 12:26:43 +0100

squirrelmail (2:1.4.3a-2) unstable; urgency=medium

  * Put myself as maintainer, and Sam Johnston as co-maintainer. Thijs
    Kinkhorst will also keep assisting in this package, he's co-maintainer too
    now. Thanks Sam, for the work you're putting into squirrelmail.
  * Checked for policy compliance with 3.6.1, no changes were needed, updated
    Standards-Version
  * Fix conf.pl detection of magic $domain contents (Closes: #271374)
  * Default to use /etc/mailname if it exists as default domain, use
    /etc/hostname only as fallback, as indicated by policy 11.6 (Mail
    transport, delivery and user agents)
  * cron.daily now checks whether the to-be-cleaned directory actually exists,
    and exits gracefully if not (Closes: #272046)
  * Now really fix the default apache.conf ssl-redirection example, also noted
    that it's just that, an example, and might not always work (Closes: #267777)

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Wed, 22 Sep 2004 00:59:48 +0200

squirrelmail (2:1.4.3a-1) unstable; urgency=low

  * Signed and incremented by maintainer on vacation. Closes: #255752.
  * Updated SSL RewriteCond directive to resolve loop. Closes: #267777.

 -- Sam Johnston <samj@aos.net.au>  Tue, 24 Aug 2004 23:27:24 +1000

squirrelmail (2:1.4.3a-0.3) unstable; urgency=low

  * Non-Maintainer Upload in cooperation with Thijs Kinkhorst
  * Applied patch from stable CVS that refuses to LOGIN (plaintext
    IMAP-authentication) if the server advertises that is not supported, and
    gives an appropriate error message (Closes: #266099)
  * Don't put a newline in $domain in the default config

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Thu, 19 Aug 2004 01:08:01 +0200

squirrelmail (2:1.4.3a-0.2) unstable; urgency=medium

  * Non-Maintainer Upload in cooperation with Thijs Kinkhorst
  * [TK] Apply simple patch from upstream stable CVS fixing sending of
    RFC-violating Message-ID's (class/deliver/Deliver.class.php
    r1.18.2.11 & r1.18.2.12)
  * Remove symlink in /var/www/ that kept being recreated, updated
    README.Debian accordingly (Closes: #261102)
  * Prevent dh_fixperms from resetting special permission of
    /var/lib/squirrelmail/data/ and /var/spool/squirrelmail/attach/, so that
    the buggy workaround in postinst can be removed (Closes: #263936)
  * Suggests php4-pear now (useful for database-backed preferences and
    addressbooks)

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Fri, 13 Aug 2004 14:46:25 +0200

squirrelmail (2:1.4.3a-0.1) unstable; urgency=low

  * Non-Maintainer Upload in cooperation with Thijs Kinkhorst
    <thijs@kinkhorst.com>, upstream SquirrelMail developer
  * Reverted away from the development branch to the stable branch
    (Closes: #232995)
    - This re-introduces the translations (Closes: #232944)
    - Experimental mailbox-tree code is 1.5.x only (Closes: #231687, #233550,
      also closes: #250411)
    - imap_general experimental code was buggy in 1.5.0 only (Closes: #246097)
    - A buggy CRAM-MD5 check was 1.5.0 only too (Closes: #239566)
  * New upstream
  * Backport fix that was already in the 1.5.0 package fixing RFC3501
    compliance for mailbox naming, keeping #176590 and #215183 closed
    (by Thijs, he committed it in upstream CVS on the 1.4 branch as
    functions/imap_mailbox.php 1.172.2.11)
  * Prefer apache2 and its php4 module in the Depends
    (Closes: #250303, #251656)
  * Dropped dependency on php4-pear, and added a proper error when using the
    preferences/addressbook-in-database feature suggesting to install it
  * Turn register_globals off for SquirrelMail, rather than on, since this is
    supported (even recommended) for nowaday's SquirrelMail
  * Add debhelper tokens to the postinst and postrm, this removes the now
    needless debconf purge on package purge, and the debconf dependency
  * On purge, remove user data in /var/{lib,spool}/squirrelmail too
  * Stop distributing UPGRADE and a duplicate copy of the upstream changelog
  * In README, tell about README.Debian instead of referring to 'INSTALL'
  * The README.Debian is more clear about configuring with Apache
  * Update 'copyright' file with general download location and correct the
    copyright holder to "The SquirrelMail Project Team".
  * In index.html, have proper (though still not complete) references to
    available documents in /usr/share/doc/squirrelmail (Closes: #246722)
  * Removed bogus 'Closes' line in last changelog entry

 -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Tue, 22 Jun 2004 19:37:36 +0200

squirrelmail (1:1.5.0-1) unstable; urgency=low

  * New upstream release.
  * RFC3501 compliance for mailbox naming (eg trailing spaces).
    Closes: #176590, #215183.
  * Adds a squirrelmail symlink in /var/www/. Closes: #229282.
  * Adds PHP safe_mode workaround to README.Debian. Closes: #222071.
  * Adds daily cron job to clean attachments directory. Closes: #228400.
  * Checks for config_default.php before copying in postinst.
    Closes: #229737.

 -- Sam Johnston <samj@aos.net.au>  Wed,  4 Feb 2004 01:42:12 +1100

squirrelmail (1:1.4.2-1) unstable; urgency=medium

  * New upstream release. Closes: #204058.
  * Significant improvements over (broken) 1.4.0-1 package.
  * PHP compatability fixes. Closes: #202368.
  * conf.pl corrupts theme paths issue resolved.
    Closes: #175773, #180108, #188441, #190315, #190923, #191028.
  * Backwards compatible with stripped path themes (previous debs).
  * Highlighting issue (1.4.0) resolved. Closes: #188631.
  * Rendering issues with problem emails resolved. Closes: #205572.
  * Resource utilisation improvements. Closes: #191856, #189602.
  * README reference to upstream INSTALL document updated.
    Closes: #173367, 178951.
  * All known XSS exploits resolved. Closes: #167471.
  * Folder list refreshes on login. Closes: #165753.
  * $domain variable set to contents of /etc/hostname. Closes: #198747.
  * Trims of HTTP_HOST port number for use in SMTP HELO. Closes: #200108.
  * Fails gracefully when IMAP server unavailable. Closes: #192239.
  * Recommends rather than depends on spell checker. Closes: #193680.
  * DirectoryIndex directive added to apache.conf. Closes: #201022.
  * Plugin config(s) moved to /etc. Closes: #146416.
  * Properly handles accents and tildes in To:, Subject: etc headers.
    Closes: #150338, #179166.
  * No (broken) 'Save' button in printable version. Closes: #185602.
  * Removes /usr/share/squirrelmail/data iff is is a symbolic link.
    Closes: #188143.
  * Resolves policy violation by replacing conf.pl (executable in /etc)
    with a symlink to /usr/sbin/squirrelmail-configure. Closes: #163995.

 -- Sam Johnston <samj@aos.net.au>  Mon,  6 Oct 2003 07:44:12 +1000

squirrelmail (1:1.4.0-1) unstable; urgency=low

  * New upstream release. Closes: #179864, 134237.
  * Resolves XSS security issues. Closes: #182008.
  * Resolves default theme login problem. Closes: #174262.
  * conf.pl cwd calls hardwired. Closes: #173516.
  * conf.pl no longer breaks existing configs. Closes: #175773.
  * blank lines no longer removed by compose.php. Closes: #175842.
  * proto checking more robust. Closes: #178130.
  * uses /etc/mailname instead of mydomain.com. Closes: #181619, 176777.
  * added https redirect to example apache.conf. Closes: #172938.
  * depends on php4-pear. Closes: #173256.
  * indent problem resolved. Closes: #186506.
  * no longer creates data symlink, removes existing. Closes: #181537.
  * default_pref is a conffile - no longer written over. Closes: #178815.

 -- Sam Johnston <samj@aos.net.au>  Tue,  8 Apr 2003 02:06:40 +1000

squirrelmail (1:1.3.2+1.4.0rc1-1) unstable; urgency=low

  * New upstream release candidate

 -- Sam Johnston <samj@debian.org>  Thu,  2 Jan 2003 09:03:47 +1100

squirrelmail (1:1.3.2-2) unstable; urgency=high

  * Fixed cross site scripting problem in read_body.php (BugTraq ID 6302,
    CAN-2002-1341)

 -- Sam Johnston <samj@debian.org>  Sun, 22 Dec 2002 03:56:23 +1100

squirrelmail (1:1.3.2-1) unstable; urgency=low

  * New upstream release - tracking development
  * Removed debconf/wwwconfig scripts. Closes: #164605, #136612, #137165.
  * Fixed dependencies (php4-cgi httpd). Closes: #152062, #152882.
  * Japanese patch included upstream. Closes: #159454.
  * Folder rename issue resolved upstream. Closes: #166297.
  * display_messages doc root issue resolved upstream. Closes: #165103.

 -- Sam Johnston <samj@debian.org>  Thu,  7 Nov 2002 12:02:23 +1100

squirrelmail (1:1.2.8-1) unstable; urgency=low

  * New upstream release

 -- Sam Johnston <samj@debian.org>  Mon,  7 Oct 2002 23:37:40 +1000

squirrelmail (1:1.2.7-1) unstable; urgency=low

  * New upstream release

 -- Sam Johnston <samj@debian.org>  Mon, 24 Jun 2002 01:08:23 +1000

squirrelmail (1:1.2.6-1) unstable; urgency=high

  * New upstream *SECURITY* release
  * Resolves local unprivileged exploit. Closes: #144496.
  * Adds README.locales with information about languages. Closes #143277.
  * Resolves typo in conf.pl (Save data repeated). Closes: #140506.
  * Adds russian templates for debconf. Closes #136612, #137165.

 -- Sam Johnston <samj@debian.org>  Tue, 30 Apr 2002 18:53:46 +1000

squirrelmail (1:1.2.5-1) unstable; urgency=low

  * New upstream release. Closes: #138181.
  * Fixed typo in debconf template. Closes: #131755.
  * Installs default config_default.php file on new installations.
    Closes: #136776.

 -- Sam Johnston <samj@debian.org>  Tue, 19 Mar 2002 01:51:08 +1100

squirrelmail (1:1.2.4-1) unstable; urgency=high

  * New upstream *SECURITY* release
  * Fixes remote exploit in squirrelspell plugin. Closes: #130754.

 -- Sam Johnston <samj@debian.org>  Sat, 26 Jan 2002 06:22:30 +1100

squirrelmail (1:1.2.3-2) unstable; urgency=low

  * Resolves theme path issue (themes work again). Closes: #129406.

 -- Sam Johnston <samj@debian.org>  Thu, 24 Jan 2002 03:46:14 +1100

squirrelmail (1:1.2.3-1) unstable; urgency=medium

  * New upstream release

 -- Sam Johnston <samj@debian.org>  Wed, 23 Jan 2002 03:12:34 +1100

squirrelmail (1:1.2.2.20020116-1) unstable; urgency=low

  * New upstream release (tracking CVS due to problems with releases, PHP
    4.1 migration, etc.) Closes: #128228.
  * Fixes typo in the control file (description). Closes: #129350.
  * Uses php_flags syntax for register_globals workaround.
    Closes: #128226.
  * Resolves conf.pl hanging problem by calling db_stop from maintainer
    scripts when debconf is finished with. Closes: #128142.
  * Various fixes to keep lintian happy

 -- Sam Johnston <samj@debian.org>  Thu, 17 Jan 2002 02:49:05 +1100

squirrelmail (1:1.2.2-2) unstable; urgency=medium

  * Added support for apache-ssl. SSL (not necessarily apache-ssl) is
    recommended for all installations which involve sessions over untrusted
    networks as passwords are sent in clear text, and message contents
    may be confidential. Closes: #114545, #115140.
  * Added preliminary debconf support for selecting webserver type for
    autoconfiguration (we can set up PHP, and #include the SquirrelMail
    apache.conf file in most cases, avoiding the need for any manual
    changes). Closes: #125590.

 -- Sam Johnston <samj@debian.org>  Wed,  2 Jan 2002 17:23:56 +1100

squirrelmail (1:1.2.2-1) unstable; urgency=medium

  * New upstream release
  * Resolved problem finding plugins by replacing relative plugin dir
    references with absolute references. Closes: #115163.
  * Resolved problem finding themes by removing relative themes dir
    (unnecessarily included in each theme definition), instead hardcoding
    it in the php script(s) which reference themes. Closes: #116285.
  * Resolved conf.pl problems preventing it from being executed from
    outside the squirrelmail dir by referencing /etc/squirrelmail.
    Closes: #119859.
  * Suggests imap-server. Does not depend as many (most?) sites will/
    should be running SM on a separate machine. Feedback about this
    decision welcome. Closes: #114543.
  * Suggests ispell | aspell as SquirrelSpell is now included in the
    main distribution. The sqspell config file is now a conffile to
    prevent overwrites.

 -- Sam Johnston <samj@debian.org>  Wed,  2 Jan 2002 15:20:07 +1100

squirrelmail (1:1.2.0-1) unstable; urgency=low

  * New upstream release
  * Plugin detection/symlink problem in conf.pl fixed
  * Merry Christmas

 -- Sam Johnston <samj@debian.org>  Tue, 25 Dec 2001 18:31:05 +1100

squirrelmail (1.2.0-rc3-2) unstable; urgency=low

  * Edited apache configuration to resolve 404 errors. There is some
    discussion upstream about incompatibilities between SM and PHP
    4.1.0, including a discussion about get_location returning null
    so I expect these issues will be resolved by the (christmas day)
    release of 1.2.0. Closes #125866.

 -- Sam Johnston <samj@debian.org>  Thu, 20 Dec 2001 11:37:00 +1100

squirrelmail (1.2.0-rc3-1) unstable; urgency=low

  * New upstream release
  * Fixed up description formatting problem. Closes: #114871
  * Removed require_once patches applied in rc2-2. Fixed upstream.
  * Fixed password parsing problem. Closes: #115225
  * Speed improvements and optimisations
  * Several plugins integrated into the core or added as 'official'
  * New paginator, rewrite of option pages code, etc.

 -- Sam Johnston <samj@debian.org>  Sun, 16 Dec 2001 23:53:36 +1100

squirrelmail (1.2.0-rc2-3) unstable; urgency=low

  * Created a fairly intelligent script for packaging up plugins.
    It goes by the name of smpackage and it lives in the examples
    directory, for want of a better home.
  * Uploaded 40-something libsquirrelmail-* plugin packages. Enjoy.

 -- Sam Johnston <samj@debian.org>  Mon,  8 Oct 2001 03:16:24 +1000

squirrelmail (1.2.0-rc2-2) unstable; urgency=low

  * Resolved problems with redeclaring functions by replacing include()s
    with require_once()s
  * Closes: 114531

 -- Sam Johnston <samj@debian.org>  Fri,  5 Oct 2001 18:18:53 +1000

squirrelmail (1.2.0-rc2-1) unstable; urgency=low

  * New upstream release

 -- Sam Johnston <samj@debian.org>  Wed,  3 Oct 2001 00:08:20 +1000

squirrelmail (1.0.6-2) unstable; urgency=low

  * Added support to conf.pl for automated plugin installation and removal

 -- Sam Johnston <samj@debian.org>  Tue,  2 Oct 2001 22:15:25 +1000

squirrelmail (1.0.6-1) unstable; urgency=low

  * Initial Release
  * Kudos to Bart Bunting for his initial work on packaging
    squirrelmail
  * Closes #86125

 -- Sam Johnston <samj@debian.org>  Tue,  2 Oct 2001 21:39:10 +1000

vim: et
