-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.7. This version is a maintenance release, addressing the following problems since 1.4.6:

- Minor security fixes (see below)
- A lot of bugfixes (see ChangeLog)
- Added support for Ukrainian

Security issues
===============

This release addresses two different security issues found since the release of 1.4.6, which we consider to be of minor severity, but they have of course been fixed:

- It was possible to include a local file through functions/plugin.php with register_globals enabled, and magic_quotes disabled. However, running with register_globals enabled is completely unnecessary and a well-known security hazard. We've now changed the code such that when register_globals is enabled, all globals are deregistered. Reported by Denix Solutions, thanks!

- It was possible to steal a cookie of a user that ran on the same base domain. Since this setup is already inherently insecure we don't think the impact is big, but the code was of course fixed to also incorporate the path to SquirrelMail.

Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/

We strongly encourage any persons uncovering security issues to contact the SquirrelMail team via security <at> squirrelmail.org.

Package md5sums
===============

08301f14d71e4452e93f21b5e6747a4a squirrelmail-1.4.7.tar.bz2
f53c91d7799cd8fd9d0550f2cc7a8815 squirrelmail-1.4.7.tar.gz
32688d817c6dc537ea8d3b9e84f47d4c squirrelmail-1.4.7.zip
4b78f4612ef0a68e5a81a818a113497c all_locales-1.4.7-20060702.tar.bz2
d89415a37ebb83e5910a8f7b3219a0be all_locales-1.4.7-20060702.tar.gz
18cb3083488f26cd7e99daf16a497fc1 all_locales-1.4.7-20060702.zip

--
Tomas Kuliavas
The SquirrelMail Project Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEqst2aYoxl8XwnvYRAj02AJ0YiYIzdrh9VQTh7FdP76VEgUjO3QCfVwaL
wy4ixnh6UorXuNwpQLZisgE=
=VA8Q
-----END PGP SIGNATURE-----
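
The deregistration step described under "Security issues" above, sketched as an added example. It is not part of the original announcement and is not SquirrelMail's code. The function name, the constant and the `include_base` request key are hypothetical, and the request data is constructed so the routine can be run without register_globals.

```php
<?php
// Added illustration, not SquirrelMail's code. All names here are hypothetical.

// Names that must never be removed from the global scope.
const PROTECTED_GLOBALS = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES',
                           '_SERVER', '_ENV', '_REQUEST', '_SESSION'];

/**
 * Remove every global variable whose name matches a key found in a
 * request-controlled source array. The sources are passed in explicitly
 * so the routine can be exercised with register_globals off.
 * Returns the list of variable names that were removed.
 */
function deregister_globals(array $sources): array
{
    $removed = [];
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (in_array($name, PROTECTED_GLOBALS, true)) {
                continue; // a request key named "_SERVER" must not wipe the superglobal
            }
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed;
}

// Constructed request data. The loop below imitates what register_globals=On
// does implicitly: each request key becomes a global variable.
$fake_get = ['include_base' => 'value-from-request', '_SERVER' => 'x'];
foreach ($fake_get as $key => $value) {
    if (!in_array($key, PROTECTED_GLOBALS, true)) {
        $GLOBALS[$key] = $value;
    }
}

// Run once at the top of every entry point, before application code
// assigns its own values and before any include/require statement.
$removed = deregister_globals([$fake_get, $_POST, $_COOKIE]);

// Shows which names were dropped and that $include_base is no longer set.
var_dump($removed, isset($include_base));
```

After the call, application code starts from a scope in which no variable was populated by the request, so a path later passed to `include` can only come from a value the code itself assigned.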