Hello All,

The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.7.

This version is a maintenance release, addressing the following problems since 1.4.6:

- Some security fixes (see below)
- Small enhancements
- A collection of bugfixes (see ChangeLog)

Security issues
===============

This release addresses security issues found since the release of 1.4.8:

Cross site scripting via malicious input in the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and via a shortcoming in the magicHTML filter. This is CVE-2006-6142. Thanks to Martijn Brinkers for his continued research that uncovered these issues.

We've also changed SquirrelMail attachment handling to work around an issue in Internet Explorer: the browser will attempt to guess the MIME type of attachments based on content, not the MIME header we send. Attachments could fake to be a 'harmless' image/jpeg, while they were in fact HTML that Internet Explorer would render.

Further details on SquirrelMail vulnerabilities can be found at the following address:
http://www.squirrelmail.org/security/

We strongly encourage any persons uncovering security issues to contact the SquirrelMail team via security <at> squirrelmail.org.

Package md5sums
===============

b3dc6e3c5accb9b88bf6ebfd87336b96  squirrelmail-1.4.9.tar.bz2
5a3ecbda6d8378c68fa40b4ac5b2d487  squirrelmail-1.4.9.tar.gz
875848f25d481b59552d4e93aaacba4c  squirrelmail-1.4.9.zip

Download at:
http://www.squirrelmail.org/download.php

Happy SquirrelMailing!

-- 
Thijs Kinkhorst
SquirrelMail Project Team
--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
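The attachment issue described in the announcement, as an added example that is not SquirrelMail's code (the announcement does not say how the workaround is implemented): a server-side check that refuses to serve an attachment inline when its bytes do not match the declared image type or contain HTML-like markup. The function name, the marker list and the 256-byte window are assumptions made for illustration.

```python
import re

# Assumption: the sniffer inspects only the leading bytes of the body.
SNIFF_WINDOW = 256
# Constructed, non-exhaustive list of tags a content-sniffing browser may treat as HTML.
HTML_MARKERS = re.compile(rb"<\s*(!doctype|html|head|body|script|iframe|title|table)", re.I)
# Leading bytes expected for each image type we are willing to show inline.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def attachment_headers(declared_type, filename, body):
    """Pick response headers for an attachment; distrust the declared type."""
    declared = declared_type.split(";")[0].strip().lower()
    head = body[:SNIFF_WINDOW]
    magic_ok = any(head.startswith(m) for m in MAGIC.get(declared, ()))
    looks_html = HTML_MARKERS.search(head) is not None
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "attachment"
    if magic_ok and not looks_html:
        ctype, disposition = declared, "inline"
    else:
        # Mismatch or HTML-like bytes: never let the browser render it in our origin.
        ctype, disposition = "application/octet-stream", "attachment"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",  # ignored by browsers that predate the header
    }

# Constructed sample bodies: a JPEG header, plain HTML, and JPEG magic followed by HTML.
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
HTML_AS_JPEG = b"<html><body>hello</body></html>"
POLYGLOT = b"\xff\xd8\xff\xfe\x00\x20<html><body>hello</body></html>"

if __name__ == "__main__":
    for name, body in [("real.jpg", REAL_JPEG), ("fake.jpg", HTML_AS_JPEG), ("poly.jpg", POLYGLOT)]:
        print(name, attachment_headers("image/jpeg", name, body))
```

The third sample shows why checking the magic bytes alone is not enough: the body starts like a JPEG but still carries markup inside the sniffed window.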