--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2290 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2290 2005-02-04 ---------------------------------------------------------------------
Name : squirrelmail Versions : rh9: squirrelmail-1.4.3-0.f0.9.2.legacy Versions : fc1: squirrelmail-1.4.3-0.f1.1.1.legacy Summary : SquirrelMail webmail client Description : SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has a all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.
--------------------------------------------------------------------- Update Information:
An updated SquirrelMail package that fixes a cross-site scripting vulnerability is now available.
A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which could result in causing the victim's machine to execute a malicious script. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1036 to this issue.
Users of SquirrelMail are advised to upgrade to this updated package which contains a patched version of SquirrelMail version 1.43a and is not vulnerable to this issue.
--------------------------------------------------------------------- Changelogs
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
Attachment:
signature.asc
Description: OpenPGP digital signature