Fedora Test Update Notification: squirrelmail

Jesse Keating jkeating at j2solutions.net
Thu Jun 17 04:25:29 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1733
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1733
2004-06-17
- ---------------------------------------------------------------------
 
Name        : squirrelmail
Version 9   : 1.4.3-0.f0.9.1.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers.  It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.
 
- ---------------------------------------------------------------------
Update Information:
 
It has been reported that SquirrelMail is affected by a cross-site 
scripting
vulnerability in the handling of folder name displays. This issue is due to 
a
failure of the application to properly sanitize user-supplied input prior 
to
including it in dynamic web content.
 
This issue may allow for theft of cookie-based authentication credentials. 
Other
attacks are also possible.
- ---------------------------------------------------------------------
Changelog:
 
9:
 
* Tue Jun 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1.4.3-0.f0.9.1.legacy
 
- - Rebuilt as Fedora Legacy update for rh9 (XSS vulnerabilities)
 
* Mon Jun 07 2004 Gary Benson <gbenson at redhat.com> 1.4.3-0.f1.1
 
- - upgrade to 1.4.3a.
- - retain stuff after version when adding release to it.
 
* Wed Jun 02 2004 Gary Benson <gbenson at redhat.com>
 
- - upgrade to 1.4.3.
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
c11465630aac1834c37b9af25dc77bccfd1785be  
9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.1.legacy.src.rpm
de580a0c9f0b5d8129b0dc5b11671ce9c8e8446f  
9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.1.legacy.noarch.rpm
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0R054v2HLvE71NURAkrIAJsE0B9DkSGom8ueRQ64GJNTxKJldACgssWa
ocfOaEJNPQSyXgIue2exGqU=
=+RHc
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list