---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-163047
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
2005-08-10
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.3-0.f0.9.6.legacy
Versions    : fc1: squirrelmail-1.4.3-0.f1.1.5.legacy
Versions    : fc2: squirrelmail-1.4.4-1.FC2.2.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated squirrelmail package that fixes two security issues is now
available.

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable. If
a user is tricked into visiting a malicious URL, the user's SquirrelMail
preferences could be read or modified. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An
attacker could inject arbitrary Javascript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully crafted
URL, or by sending them a carefully constructed HTML email message. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-1769 to this issue.

All users of SquirrelMail should upgrade to this updated package, which
contains backported patches that resolve these issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Wed Aug 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.4.3-0.f0.9.6.legacy
- Remove a backup file the patch left behind

* Fri Aug 05 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx>
1.4.3-0.f0.9.5.legacy
- Updated patch for CAN-2005-1769 that doesn't break addressbook
  (#165094)

* Wed Aug 03 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx>
1.4.3-0.f0.9.4.legacy
- Patches for CAN-2005-1769 and CAN-2005-2095 (#163047)

fc1:
* Wed Aug 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.4.3-0.f1.1.5.legacy
- Remove a backup file the patch left behind

* Fri Aug 05 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx>
1.4.3-0.f1.1.4.legacy
- Updated patch for CAN-2005-1769 which doesn't break addressbook
  (#165094)

* Wed Aug 03 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx>
1.4.3-0.f1.1.3.legacy
- Patches for CAN-2005-1769 and CAN-2005-2095 (#163047)

fc2:
* Wed Aug 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.4.4-1.FC2.2.legacy
- Don't create backup files when applying patches

* Tue Jul 26 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx>
1.4.4-1.FC2.1.legacy
- Patches for CAN-2005-1769 and CAN-2005-2095 (#163047)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
5182c295693a72d9602945a5985c39c125f2b422
redhat/9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.6.legacy.noarch.rpm
1aec842c861408106c2818cf4c58caf762367230
redhat/9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.6.legacy.src.rpm

fc1:
10dcfc4975cbe049df638ff43304e0a6a22f58a2
fedora/1/updates-testing/i386/squirrelmail-1.4.3-0.f1.1.5.legacy.noarch.rpm
5f0c54493ae619de8a85813947470bfedd5415f2
fedora/1/updates-testing/SRPMS/squirrelmail-1.4.3-0.f1.1.5.legacy.src.rpm

fc2:
83e7c1b6a1f070894be5456b3dd850b3a6f090b2
fedora/2/updates-testing/i386/squirrelmail-1.4.4-1.FC2.2.legacy.noarch.rpm
de4f2ef84e23b310f7f845ee8624360dadb7b74d
fedora/2/updates-testing/SRPMS/squirrelmail-1.4.4-1.FC2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list