debian/patches/disable-dns-prefetch.patch

   1 Disable DNS prefetching to solve CVE-2010-0464.
   2
   3 Index: program/include/rcube_html_page.php
   4 ===================================================================
   5 --- rcube/program/include/rcube_html_page.php   (revision 3214)
   6 +++ rcube/program/include/rcube_html_page.php   (working copy)
   7 @@ -165,6 +165,13 @@
   8              $__page_header.= $this->charset . '" />'."\n";
   9          }
  10
  11 +        // add hint to disable DNS prefetching
  12 +        if (!headers_sent()) {
  13 +            header('X-DNS-Prefetch-Control: off');
  14 +        } else {
  15 +            $__page_header.= '<meta http-equiv="x-dns-prefetch-control" content="off" />'."\n";
  16 +        }
  17 +
  18          // definition of the code to be placed in the document header and footer
  19          if (is_array($this->script_files['head'])) {
  20              foreach ($this->script_files['head'] as $file) {