-
Committer:
Package Import Robot
-
Author(s):
Kilian Krause
-
Date:
2012-11-07 13:55:06 UTC
-
mfrom:
(13.1.14 sid)
-
Revision ID:
package-import@ubuntu.com-20121107135506-7fc1c200vokhgcqo
Tags: 20121107-1
* New upstream release: 20121107
- SECURITY BUGFIX:
A restricted user could upload a file to a non-existent recipient in an
allowed domain and afterwards redirect this file to another recipient in a
forbidden domain ==> sender can bypass domain restrictions.
If you do not have restricted users you are not affected by this bug
(subusers do not count as restricted users).
- fac: the admin can restrict up or download for certain users to certain
IP addresses.