Fedora Legacy Test Update Notification: squirrelmail

Marc Deslauriers marcdeslauriers at videotron.ca
Tue May 16 00:16:51 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-190884
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190884
2006-05-15
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.6-3.rh9.1.legacy
Versions    : fc1: squirrelmail-1.4.6-4.fc1.1.legacy
Versions    : fc2: squirrelmail-1.4.6-4.fc2.1.legacy
Versions    : fc3: squirrelmail-1.4.6-4.fc3.1.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers.  It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated squirrelmail package that fixes three security issues and
many other bugs is now available.

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail presents the right frame to the
user. If a user can be tricked into opening a carefully crafted URL, it
is possible to present the user with arbitrary HTML data.
(CVE-2006-0188)

A bug was found in the way SquirrelMail filters incoming HTML email. It
is possible to cause a victim's web browser to request remote content by
opening an HTML email while running a web browser that processes certain
types of invalid style sheets. Only Internet Explorer is known to
process such malformed style sheets. (CVE-2006-0195)

A bug was found in the way SquirrelMail processes a request to select an
IMAP mailbox. If a user can be tricked into opening a carefully crafted
URL, it is possible to execute arbitrary IMAP commands as the user
viewing their mail with SquirrelMail. (CVE-2006-0377)

Users of SquirrelMail are advised to upgrade to this updated package,
which contains SquirrelMail version 1.4.6 and is not vulnerable to these
issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.6-3.rh9.1.legacy
- Rebuilt as Fedora Legacy update for rh9
- Remove default_folder_prefix changes
- Remove php-mbstring Requires

fc1:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.6-4.fc1.1.legacy
- Rebuilt as Fedora Legacy update for fc1
- Remove default_folder_prefix changes

fc2:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.6-4.fc2.1.legacy
- Rebuilt as Fedora Legacy update for fc2

fc3:
* Fri May 05 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.6-4.fc3.1.legacy
- Rebuilt as Fedora Legacy update for fc3

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
62ae72ed168667c97e1b6ccc5bc23dea6c374bcb
redhat/9/updates-testing/i386/squirrelmail-1.4.6-3.rh9.1.legacy.noarch.rpm
51264756a2f2bb5d8e6f5b6d1d33dcba40f41a68
redhat/9/updates-testing/SRPMS/squirrelmail-1.4.6-3.rh9.1.legacy.src.rpm

fc1:
0e2dbf765d4df6592fad31ff331a3101fd33674e
fedora/1/updates-testing/i386/squirrelmail-1.4.6-4.fc1.1.legacy.noarch.rpm
7c6d183c795bfd1da1e872a74e7ff1f197afb93a
fedora/1/updates-testing/SRPMS/squirrelmail-1.4.6-4.fc1.1.legacy.src.rpm

fc2:
36bc9ae701f8844d6369dde0f2d4a537b2dce85c
fedora/2/updates-testing/i386/squirrelmail-1.4.6-4.fc2.1.legacy.noarch.rpm
60098c585bc6bab9df4e3883e3a0b0762fd4dc6d
fedora/2/updates-testing/SRPMS/squirrelmail-1.4.6-4.fc2.1.legacy.src.rpm

fc3:
9e96352495249c4aa526b24729128696467ca728
fedora/3/updates-testing/i386/squirrelmail-1.4.6-4.fc3.1.legacy.noarch.rpm
3003904d9a5594cb6e3ebb190930bb9d82d83f60
fedora/3/updates-testing/SRPMS/squirrelmail-1.4.6-4.fc3.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
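
The checksum list above wraps each entry over two lines (SHA-1 digest, then relative path), which `sha1sum -c` does not accept directly. The following is an added example, not part of the original notification: a shell function that reads that layout and checks downloaded files against it. The function name, its arguments and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Verify files against a checksum list laid out as in the notification:
# a 40-hex SHA-1 digest on one line, the relative path on the next.
# Section labels ("rh9:"), URLs and blank lines are ignored.
# usage: verify_wrapped_sha1 MANIFEST BASEDIR   (hypothetical helper)
verify_wrapped_sha1() {
    manifest=$1 basedir=$2 digest= checked=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip CRs and surrounding whitespace left by mail clients.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if printf '%s\n' "$line" | grep -Eq '^[0-9a-fA-F]{40}$'; then
            digest=$(printf '%s' "$line" | tr 'A-F' 'a-f')
            continue
        fi
        # A path only counts when it directly follows a digest line.
        [ -n "$digest" ] && [ -n "$line" ] || { digest=; continue; }
        checked=$((checked + 1))
        if [ -f "$basedir/$line" ]; then
            actual=$(sha1sum "$basedir/$line" | cut -d' ' -f1)
        else
            actual=missing
        fi
        if [ "$actual" = "$digest" ]; then
            echo "OK      $line"
        else
            echo "FAILED  $line ($actual)"
            bad=$((bad + 1))
        fi
        digest=
    done < "$manifest"
    # An empty or unparsable manifest must not count as a pass.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: a stand-in file and a manifest in the wrapped layout.
demo=$(mktemp -d)
mkdir -p "$demo/updates-testing"
printf 'constructed stand-in, not a real package\n' \
    > "$demo/updates-testing/example.noarch.rpm"
sum=$(sha1sum "$demo/updates-testing/example.noarch.rpm" | cut -d' ' -f1)
printf 'rh9:\n%s\nupdates-testing/example.noarch.rpm\n' "$sum" \
    > "$demo/manifest.txt"
verify_wrapped_sha1 "$demo/manifest.txt" "$demo" && echo "all files match"
```

A matching digest only shows that a file agrees with the list; the list itself is only as trustworthy as the OpenPGP signature on the message that carries it.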
