From: kink Date: Sun, 16 Jul 2006 18:06:55 +0000 (+0000) Subject: list cve's that are fixed by the deregister globals code X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=ea40af7b9a2e095f273b77b15324ca39ef588e60;p=squirrelmail.git list cve's that are fixed by the deregister globals code git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11402 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/ChangeLog b/ChangeLog index 3cfd2f1b..ca8688ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -596,7 +596,7 @@ Version 1.5.1 (branched on 2006-02-12) - Add doc/security.txt with some hints for a more secure installation. - Added sqauth_read_password() and sqauth_save_password() functions. - Unset global GET, POST and COOKIE variables registered in PHP - register_globals=on setups. + register_globals=on setups. (Also addresses: CVE-2006-2842, CVE-2006-3174) - Capabilities array now contains all multivalue information provided by the IMAP server. (Such as THREAD=SORT, THREAD=REFERENCES). - Inclusion of Compatibility plugin automatic (no patch needed for plugin)