---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-190884
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190884
2006-05-15
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.6-3.rh9.1.legacy
Versions    : fc1: squirrelmail-1.4.6-4.fc1.1.legacy
Versions    : fc2: squirrelmail-1.4.6-4.fc2.1.legacy
Versions    : fc3: squirrelmail-1.4.6-4.fc3.1.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated squirrelmail package that fixes three security issues and
many other bugs is now available.

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail presents the right frame to the
user. If a user can be tricked into opening a carefully crafted URL, it
is possible to present the user with arbitrary HTML data.
(CVE-2006-0188)

A bug was found in the way SquirrelMail filters incoming HTML email. It
is possible to cause a victim's web browser to request remote content by
opening an HTML email while running a web browser that processes certain
types of invalid style sheets. Only Internet Explorer is known to
process such malformed style sheets. (CVE-2006-0195)

A bug was found in the way SquirrelMail processes a request to select an
IMAP mailbox. If a user can be tricked into opening a carefully crafted
URL, it is possible to execute arbitrary IMAP commands as the user
viewing their mail with SquirrelMail. (CVE-2006-0377)

Users of SquirrelMail are advised to upgrade to this updated package,
which contains SquirrelMail version 1.4.6 and is not vulnerable to these
issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.4.6-3.rh9.1.legacy
- Rebuilt as Fedora Legacy update for rh9
- Remove default_folder_prefix changes
- Remove php-mbstring Requires

fc1:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.4.6-4.fc1.1.legacy
- Rebuilt as Fedora Legacy update for fc1
- Remove default_folder_prefix changes

fc2:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.4.6-4.fc2.1.legacy
- Rebuilt as Fedora Legacy update for fc2

fc3:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.4.6-4.fc3.1.legacy
- Rebuilt as Fedora Legacy update for fc3

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
62ae72ed168667c97e1b6ccc5bc23dea6c374bcb  redhat/9/updates-testing/i386/squirrelmail-1.4.6-3.rh9.1.legacy.noarch.rpm
51264756a2f2bb5d8e6f5b6d1d33dcba40f41a68  redhat/9/updates-testing/SRPMS/squirrelmail-1.4.6-3.rh9.1.legacy.src.rpm

fc1:
0e2dbf765d4df6592fad31ff331a3101fd33674e  fedora/1/updates-testing/i386/squirrelmail-1.4.6-4.fc1.1.legacy.noarch.rpm
7c6d183c795bfd1da1e872a74e7ff1f197afb93a  fedora/1/updates-testing/SRPMS/squirrelmail-1.4.6-4.fc1.1.legacy.src.rpm

fc2:
36bc9ae701f8844d6369dde0f2d4a537b2dce85c  fedora/2/updates-testing/i386/squirrelmail-1.4.6-4.fc2.1.legacy.noarch.rpm
60098c585bc6bab9df4e3883e3a0b0762fd4dc6d  fedora/2/updates-testing/SRPMS/squirrelmail-1.4.6-4.fc2.1.legacy.src.rpm

fc3:
9e96352495249c4aa526b24729128696467ca728  fedora/3/updates-testing/i386/squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm
3003904d9a5594cb6e3ebb190930bb9d82d83f60  fedora/3/updates-testing/SRPMS/squirrelmail-1.4.6-4.fc3.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
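
Added example (not part of the original advisory or of Fedora Legacy's tooling): a shell function that checks downloaded packages against the "(sha1sums)" list in the notification above. The function name, the saved-advisory file and the download directory are assumptions; it relies on sha1sum from coreutils.

```shell
#!/bin/sh
# Added example, not part of the advisory. Usage: script MANIFEST DIR
# MANIFEST: text with "<40-hex sha1> <repository path>" lines; release
#           labels ("rh9:"), rules and prose lines are ignored.
# DIR:      directory holding downloaded packages, matched by basename.
# Returns 0 if every package present in DIR matches its listed checksum,
# 1 on any mismatch, 2 if no listed package was found in DIR.
verify_advisory_sums() {
    manifest=$1; dir=$2; bad=0; checked=0
    while read -r sum path rest || [ -n "$sum" ]; do
        # Accept only lines shaped like "<sha1> <path>".
        case $sum in ''|*[!0-9a-f]*) continue ;; esac
        [ "${#sum}" -eq 40 ] && [ -n "$path" ] && [ -z "$rest" ] || continue
        name=${path##*/}
        # Packages for other releases are normally absent: skip them.
        [ -f "$dir/$name" ] || continue
        checked=$((checked + 1))
        actual=$(sha1sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory $sum, file $actual)"
            bad=1
        fi
    done < "$manifest"
    # Verifying nothing must not look like success.
    if [ "$checked" -eq 0 ]; then
        echo "no listed package found in $dir" >&2
        return 2
    fi
    return "$bad"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    verify_advisory_sums "$1" "$2"
fi
```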