Fedora Legacy Test Update Notification: squirrelmail

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Aug 11 00:37:32 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-163047
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
2005-08-10
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.3-0.f0.9.6.legacy
Versions    : fc1: squirrelmail-1.4.3-0.f1.1.5.legacy
Versions    : fc2: squirrelmail-1.4.4-1.FC2.2.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers.  It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated squirrelmail package that fixes two security issues is now
available.

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable. If
a user is tricked into visiting a malicious URL, the user's SquirrelMail
preferences could be read or modified. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An
attacker could inject arbitrary Javascript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully crafted
URL, or by sending them a carefully constructed HTML email message. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-1769 to this issue.

All users of SquirrelMail should upgrade to this updated package, which
contains backported patches that resolve these issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Wed Aug 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.3-0.f0.9.6.legacy
- Remove a backup file the patch left behind

* Fri Aug 05 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.4.3-0.f0.9.5.legacy
- Updated patch for CAN-2005-1769 that doesn't break addressbook (#165094)

* Wed Aug 03 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.4.3-0.f0.9.4.legacy
- Patches for CAN-2005-1769 and CAN-2005-2095 (#163047)

fc1:
* Wed Aug 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.3-0.f1.1.5.legacy
- Remove a backup file the patch left behind

* Fri Aug 05 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.4.3-0.f1.1.4.legacy
- Updated patch for CAN-2005-1769 which doesn't break addressbook (#165094)

* Wed Aug 03 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.4.3-0.f1.1.3.legacy
- Patches for CAN-2005-1769 and CAN-2005-2095 (#163047)

fc2:
* Wed Aug 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.4.4-1.FC2.2.legacy
- Don't create backup files when applying patches

* Tue Jul 26 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.4.4-1.FC2.1.legacy
- Patches for CAN-2005-1769 and CAN-2005-2095 (#163047)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
5182c295693a72d9602945a5985c39c125f2b422
redhat/9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.6.legacy.noarch.rpm
1aec842c861408106c2818cf4c58caf762367230
redhat/9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.6.legacy.src.rpm

fc1:
10dcfc4975cbe049df638ff43304e0a6a22f58a2
fedora/1/updates-testing/i386/squirrelmail-1.4.3-0.f1.1.5.legacy.noarch.rpm
5f0c54493ae619de8a85813947470bfedd5415f2
fedora/1/updates-testing/SRPMS/squirrelmail-1.4.3-0.f1.1.5.legacy.src.rpm

fc2:
83e7c1b6a1f070894be5456b3dd850b3a6f090b2
fedora/2/updates-testing/i386/squirrelmail-1.4.4-1.FC2.2.legacy.noarch.rpm
de4f2ef84e23b310f7f845ee8624360dadb7b74d
fedora/2/updates-testing/SRPMS/squirrelmail-1.4.4-1.FC2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
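
One way to check downloaded packages against the sha1sums listed above, as an added example that is not part of the original notification. The notification prints each hash on one line and its path on the next, a layout `sha1sum -c` does not accept, so the script pairs them up first. The function names, and the assumption that the RPMs sit in one local directory under their file names, are illustrative.

```shell
#!/bin/sh
# Added example (not from the notification). Function names are illustrative.

# stdin: advisory text. stdout: "<sha1>  <package file name>", one per package.
# The advisory puts each 40-hex-digit hash on its own line, path on the next.
advisory_to_sha1sums() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF mail text
        NF == 1 && length($1) == 40 && $1 !~ /[^0-9a-f]/ { hash = $1; next }
        hash != "" && NF == 1 && $1 ~ /\.rpm$/ {
            n = split($1, part, "/")              # keep only the file name
            print hash "  " part[n]
            hash = ""; next
        }
        { hash = "" }                             # hash not followed by a path
    '
}

# $1: saved advisory text, $2: directory holding the downloaded RPMs.
# Checks every listed package present in $2; succeeds only if at least one
# was checked and none mismatched.
verify_downloads() {
    advisory=$1 dir=$2 checked=0 bad=0
    while read -r want name; do
        [ -f "$dir/$name" ] || continue           # not downloaded: skip
        got=$(sha1sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK    $name"
        else
            echo "FAIL  $name"; bad=$((bad + 1))
        fi
    done <<EOF
$(advisory_to_sha1sums < "$advisory")
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Command-line use: sh verify.sh advisory.txt /path/to/rpms
if [ "$#" -eq 2 ]; then
    verify_downloads "$1" "$2"
fi
```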