Fedora Legacy Test Update Notification: squirrelmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2290
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2290
2005-02-04
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.3-0.f0.9.2.legacy
Versions    : fc1: squirrelmail-1.4.3-0.f1.1.1.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers.  It has very few requirements and is very
easy to configure and install. SquirrelMail has a all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated SquirrelMail package that fixes a cross-site scripting
vulnerability is now available.

SquirrelMail is a webmail package written in PHP.

A cross-site scripting bug has been found in SquirrelMail. This issue
could allow an attacker to send a mail with a carefully crafted header,
which could result in causing the victim's machine to execute a
malicious script. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2004-1036 to this issue.

Users of SquirrelMail are advised to upgrade to this updated package
which contains a patched version of SquirrelMail version 1.43a and is
not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh9:
* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.4.3-0.f0.9.2.legacy
- apply patch for CAN-2004-1036 (FL #2290)


fc1:
* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.4.3-0.f1.1.1.legacy
- apply patch for CAN-2004-1036 (FL #2290)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
70a95848a63e3f0caf14eddd9b4f63f26e5d4b4c redhat/9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.2.legacy.noarch.rpm
3a9f9a54eb6fa2d79c6b480d70292816237b4263 redhat/9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.2.legacy.src.rpm


fc1:
a91b0a418a3f194f2ac16ee1301bd975bb774dbd fedora/1/updates-testing/i386/squirrelmail-1.4.3-0.f1.1.1.legacy.noarch.rpm
049b249c7bcc08135395063b79aa7a240e201ca7 fedora/1/updates-testing/SRPMS/squirrelmail-1.4.3-0.f1.1.1.legacy.src.rpm


---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux