-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2004-1733 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1733 2004-06-17 - --------------------------------------------------------------------- Name : squirrelmail Version 9 : 1.4.3-0.f0.9.1.legacy Summary : SquirrelMail webmail client Description : SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation. - --------------------------------------------------------------------- Update Information: It has been reported that SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. This issue may allow for theft of cookie-based authentication credentials. Other attacks are also possible. - --------------------------------------------------------------------- Changelog: 9: * Tue Jun 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.4.3-0.f0.9.1.legacy - - Rebuilt as Fedora Legacy update for rh9 (XSS vulnerabilities) * Mon Jun 07 2004 Gary Benson <gbenson@xxxxxxxxxx> 1.4.3-0.f1.1 - - upgrade to 1.4.3a. - - retain stuff after version when adding release to it. * Wed Jun 02 2004 Gary Benson <gbenson@xxxxxxxxxx> - - upgrade to 1.4.3. - --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/redhat/ c11465630aac1834c37b9af25dc77bccfd1785be 9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.1.legacy.src.rpm de580a0c9f0b5d8129b0dc5b11671ce9c8e8446f 9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.1.legacy.noarch.rpm Please note that this update is also available via yum and apt through the updates-testing channel. Many people find this an easier way to apply updates. - --------------------------------------------------------------------- - -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA0R054v2HLvE71NURAkrIAJsE0B9DkSGom8ueRQ64GJNTxKJldACgssWa ocfOaEJNPQSyXgIue2exGqU= =+RHc -----END PGP SIGNATURE----- -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
