[SECURITY] Fedora Core 6 Update: squirrelmail-1.4.10a-1.fc6

Martin Bacovsky mbacovsk at redhat.com
Mon May 14 17:19:18 UTC 2007

Fedora Update Notification

Product     : Fedora Core 6
Name        : squirrelmail
Version     : 1.4.10a
Release     : 1.fc6
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a basic webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers.  It has very few requirements and is very
easy to configure and install.

Update Information:

Upgrade to new upstream squirrelmail-1.4.10a. This update
also fixes CVE-2007-1262 and CVE-2006-6142
* Fri May 11 2007 Martin Bacovsky <mbacovsk at redhat.com> - 1.4.10a-1
- upgrade to new upstream 1.4.10a
- resolves: #239704: CVE-2007-1262 squirrelmail cross-site scripting flaw
- resolves: #218297: CVE-2006-6142 Three XSS issues in SquirrelMail

This update can be downloaded from:

6f715a5dffd1c076ee42c5914621542b4ce82233  SRPMS/squirrelmail-1.4.10a-1.fc6.src.rpm
6f715a5dffd1c076ee42c5914621542b4ce82233  noarch/squirrelmail-1.4.10a-1.fc6.src.rpm
5965e3a06471b702e8fe4a47c509c315fa6a42c1  ppc/squirrelmail-1.4.10a-1.fc6.noarch.rpm
5965e3a06471b702e8fe4a47c509c315fa6a42c1  x86_64/squirrelmail-1.4.10a-1.fc6.noarch.rpm
5965e3a06471b702e8fe4a47c509c315fa6a42c1  i386/squirrelmail-1.4.10a-1.fc6.noarch.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the Fedora-package-announce mailing list